Around 2.6 billion records were stolen in 2017, an 88% increase on the previous year’s figures, according to Gemalto.
The security firm’s 2017 Breach Level Index Report comprised data from publicly reported breaches around the world.
It revealed the US in first place, accounting for 1453 such data breaches, while the UK came a distant second with 80. Despite this, the number of records compromised in 2017 in the UK actually fell from 54.5 million in 2016 to 33.1 million.
It predicted that the number of reported breaches will rise sharply next year when the EU General Data Protection Regulation (GDPR) comes into force, mandating breach notification.
“On the face of it, UK organizations’ security and data protection seem to be improving. However, with GDPR on the horizon it’s likely that the total amount of lost data will rise nearer in line with the US, who have had to publicly reveal breaches for a number of years,” claimed Gemalto director of product strategy, Joe Pindar.
The headline figure of 2.6 billion records stolen seems at odds with a recent IBM report, which claimed breaches had fallen by 25% from a high of four billion in 2016. However, a Gemalto spokesperson confirmed to Infosecurity that IBM is likely to have included the Yahoo mega-breaches, which were revealed in 2016 but actually occurred in preceding years.
Gemalto “only tracks breaches that were disclosed and occurred in any given year,” they said.
Elsewhere the trends seem to tally with IBM and Verizon’s latest DBIR, which revealed human error and internal threats to be a major source of cyber-risk for organizations.
Accidental loss, comprising improper disposal of records, misconfigured databases and other issues, caused the exposure of 1.9 billion records – a 580% increase in the number of compromised records from 2016, according to Gemalto.
As if to confirm the severity of the insider threat, while malicious outsiders (72%) were the leading source of data breaches, they accounted for only 23% of all compromised data. On the other hand, accidental loss was the cause of 18% of data breaches, but accounted for 76% of all compromised records.
“Worryingly, for UK organizations, is the number of records being compromised due to accidental loss. Companies are clearly not controlling or even knowing where their sensitive customer data is, so when it comes to complying with key aspects of GDPR like the ‘Right to be Forgotten,’ what hope is there that they will be able to remove customer data from all of their systems?” said Pindar.
“Whilst human error is something that all organizations have to deal with, if it’s not correctly encrypted, data can easily be compromised if it gets into the wrong hands. With just over a month to go, UK businesses don’t have a lot of time to get important points like this right.”
Like Verizon, Gemalto also found healthcare (27%) to be the hardest hit by breaches, followed by financial services (12%), education (11%) and government (11%).