Scary Data Breach Statistics of 2017


Curated by Paul Helmick

I’m a Technology CEO and Experienced Entrepreneur. I love helping people use technology to grow their business. 

  • The Identity Theft Resource Center (ITRC) published its latest compilation of confirmed data breach notifications affecting US organizations and customers so far this year
  • 1,120 total breaches and more than 171 million records exposed is frightening
  • In all of 2016, the ITRC reported 1,039 total breaches and just over 36.6 million records exposed
  • What really stands out are the numbers that remain unknown
  • Breaches and the number of records exposed are broken down into five categories
  • 1-Banking/Credit/Financial, 2-Business, 3-Educational, 4-Government/Military, 5-Medical/Healthcare
  • Here is the one-page summary and the full report that is truly eye-opening.

| Category | Total Number of Breaches | Total Number of Records Exposed | Number of Breaches with Total Records Identified | Number of Breaches with Total Records Unknown |
|---|---|---|---|---|
| Banking/Credit/Financial | 70 | 2,908,580 | 8 | 62 |
| Business | 584 | 156,942,081 | 68 | 516 |
| Educational | 104 | 1,145,430 | 38 | 66 |
| Government/Military | 55 | 5,800,133 | 41 | 14 |
| Medical/Healthcare | 307 | 4,815,692 | 266 | 41 |

In its half-year analysis of the 2017 US data breach landscape, the ITRC and CyberScout noted the following about the sources of identified data breaches:

  • Hacking (a category that includes phishing, ransomware/malware, and skimming) was the primary method of attack in 63% of the overall breaches.
    • Phishing figured into 47.7% of hacking-based attacks.
    • Ransomware and/or malware was identified in 18.5% of attacks attributed to hacking.
  • Employee-driven factors (i.e., error, negligence, improper disposal, and loss) were the root cause of 9% of breaches.
  • Accidental online exposure of data was identified in nearly 7% of breaches.

In examining these causes, it’s clear that employee behaviors figure into a large number of data breaches — and that human factor is costly. But the question is: Do your employees truly know how to avoid mistakes?

We’d make the case that users can’t forget things that they’ve never known. Awareness is not knowledge. Simulated phishing attacks — while valuable assessment tools — are not training. And cybersecurity threats extend beyond the phish. To manage end-user risk more effectively, you must give your employees a seat at the table and empower them to be part of the solution — and thoughtful, ongoing security awareness training can help you do just that.
