The State Of Breach Protection 2020 (Global Survey And Industry Report)


Joao Charlesbois

Jul 10, 2024, 3:03:03 PM
to riafrinatin

For companies, the GDPR requires meaningful changes in the way they collect, store, share, and delete data. Failure to comply could result in steep fines, potentially costing a company up to 4 percent of its global revenue. One company incurred a fine of $180 million for a data breach that included log-in and payment information for nearly 400,000 people. The fine was imposed by the Information Commissioner's Office, the British data regulator, and is currently under regulatory process review. Another was fined $57 million for failure to comply with GDPR. A side effect of this regulation is an increased awareness among consumers of their data-privacy rights and protections. About six in ten consumers in Europe now realize that rules regulate the use of their data within their own countries, an increase from only four in ten in 2015.

Compromised Credentials a Growing Risk
The report also shed light on a growing problem in which consumer data (including credentials) is being compromised in data breaches, which can then be used to propagate further attacks. With 82% of individuals surveyed admitting they reuse passwords across accounts, compromised credentials represent both a leading cause and effect of data breaches, creating a compounding risk for businesses.

The State of Breach Protection 2020 (Global Survey and Industry Report)


Download https://vbooc.com/2yUFfG



1 IBM Institute for Business Value: COVID-19 and the future of business
2 Average cost of $4.96 million for those surveyed where remote work was a factor vs. $3.89 million when remote work was not a factor
3 The 2021 Cost of a Data Breach Report examines the cost of a mega breach based on a separate analysis of a specific sample involving loss or theft of one million records or more. The mega breach sample is not included in the overall average data breach report calculations, which examines data breaches ranging from 1,000-100,000 records.

As reported by many practitioners, from 2005 to 2019, the total number of individuals affected by healthcare data breaches was 249.09 million. Out of these, 157.40 million individuals were affected in the last five years alone [6]. In the year 2018, the number of data breaches reported was 2216 from 65 countries. Out of these, the healthcare industry faced 536 breaches. This implies that the healthcare industry has faced the highest number of breaches among all industries [7]. There were 2013 data breaches reported from 86 countries in the year 2019 [8]. The total number of healthcare records that were exposed, stolen, or illegally disclosed in the year 2019 was 41.2 million in 505 healthcare data breaches [8]. According to an IBM report, the average cost of a data breach in 2019 was $3.92 million, while a healthcare industry breach typically costs $6.45 million [9]. This cost was the highest in the USA compared to other countries. Usually, a data breach would fetch $8.19 million. However, the average cost of a healthcare data breach (average breach size 25,575 records) in the USA is $15 million [10]. The average cost of a data breach increased by 12% from 2014 to 2019, and the average cost of a breached record increased 3.4% in the same time period. Moreover, the cost of a breached record in the healthcare sector registered an increase of 19.4%, the highest in this time period [10,11,12,13].

The aforementioned facts and figures show that the data assets of individuals and organizations are at risk. Even more alarmingly, the healthcare industry in particular is being targeted by attackers, and is therefore the most vulnerable. Thus, data privacy and confidentiality has become a serious concern for both individuals and organizations. Healthcare data are more sensitive than other types of data because any data tampering can lead to faulty treatment, with fatal and irreversible losses to patients. Hence, healthcare data need enhanced security, and should be breach-proof. In this study, our main concern was to investigate the healthcare data breaches reported or published by different eminent and authentic sources. We aimed to examine the causes of these breaches and use the results to improve healthcare data confidentiality. The analyzed factors that lead to healthcare data breaches will be addressed in our future research work to improve healthcare data confidentiality.

The survey finds that the process of detecting, triaging, investigating, and containing a cyber incident takes organizations globally on average nearly seven days of working around the clock (totaling 162 hours), with an average of 31 hours to contain a cybersecurity incident once it has been detected and investigated. As a result, the majority of respondents (80%) report that in the past 12 months, they have been unable to prevent intruders on their networks from accessing their targeted data, with 44% pointing to slow detection as the cause.

Data breach costs continue to grow, according to new research, reaching a record-high global average of $4.45 million, representing a 15% increase over three years. Costs in the healthcare industry continued to top the charts, as the most expensive industry for the 13th year in a row. Yet as breach costs continue to climb, the research points to new opportunities for containing breach costs.

The research, conducted independently by Ponemon Institute and analyzed and published by IBM Security, constitutes the 18th annual Cost of a Data Breach Report. A leading benchmark study in the security industry, the report is designed to help IT, risk management and security leaders identify gaps in their security posture and discover what measures are most successful at minimizing the financial and reputation damages of a costly data breach.

Critical infrastructures pay about US$ 1 million more for a data breach compared to other industries. Ransomware attacks also appear to be increasing in this sector. The report found that 28% of surveyed critical infrastructures suffered a destructive ransomware attack.

Did you know that 59% of enterprises reported experiencing a data breach last year, yet 91% are still relying on usernames and passwords as their form of authentication? Now is the time to move from legacy authentication to modern, phishing-resistant MFA.

Yubico commissioned a research report conducted by S&P Global Market Intelligence, to survey senior professionals and executives in IT security, compliance, and cyber risk.

Employee negligence is the main cause of data breaches, according to a state of the industry report by Shred-it, an information security company. The report found that 47 percent of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization.

NetEase, a provider of mailbox services through the likes of 163.com and 126.com, reportedly suffered a breach in October 2015 when email addresses and plaintext passwords relating to 235 million accounts were being sold by dark web marketplace vendor DoubleFlag. NetEase has maintained that no data breach occurred and to this day HIBP states: "Whilst there is evidence that the data itself is legitimate (multiple HIBP subscribers confirmed a password they use is in the data), due to the difficulty of emphatically verifying the Chinese breach it has been flagged as 'unverified'."
