Lessons from the World’s Largest Data Breaches

The volume of data breaches in both number of incidents and volume of records is truly staggering. Automated tools to identify and remediate Personally Identifiable Information (PII), such as those offered by Adlib, are the only practical solution to deal with the costly burden of data breaches. Companies and governments alike must continue to focus on their perimeter security but they must concurrently increase their focus on dealing with PII at the source. 40% of data breaches come from within the perimeter either through the intentional bad acts or carelessness of direct or indirect staff.

Here are a few more stats of interest via breachlevelindex.com data:

• The number of incidents in the first 4 months of 2016 was 654. This is an increase of 24% over the 2013 to 2015 average.
• The volume of records breached in the first 4 months of 2016 was over 256 million. This is the highest ever for the same period of the preceding 3 years.
• Since January 1, 2013, malicious outsiders have been responsible for just over half of breaches (56%). Insiders make up the remaining bulk at 40%. State-sponsored hacking and 'hacktivists' make up the remainder at 2% each.
• No industry is immune. Since 2013, data breaches have struck by industry as follows: Retail – 30%; Government – 22%; Tech Sector – 18%; Financial Services – 12%; Misc. – 10%; Healthcare – 8%.
• A study by IBM calculated the cost per breach at US$3.8 million. The total cost of data breaches for 2016 so far in lost customers, issue management, and security expenses surpassed US$2.5 billion in early May. The cost since January 1, 2013, is in the US$20 billion range.
• As of May 25th, Breachlevelindex.com puts the total number of records breached since January 1, 2013, at 3.989 billion. This is on pace to hit the 4 billion mark in June 2016 and the 5 billion mark in 2018.

Perhaps the most interesting thing is that awareness of the solution to PII breaches is much lower than awareness of the problem itself. This is partly because until recently there have been few software solutions that can both identify and remediate PII. Companies and governments need PII to serve their clients but its footprint within organizations can be substantially improved by limiting it to only essential processes and staff. More rare yet are automated solutions that can interrogate content wherever it resides to deal with PII. This is essential given that most firms don’t know all the places that PII is hiding within their systems.

Data breaches are here to stay and can never be eliminated. But the impact of breaches and the risk of corporate-held PII can be substantially mitigated. Technology is once again both the cause and the cure.

‍