Organisations across the globe suffered as many as 1,765 "reported" data breaches that resulted in the loss or theft of 2.5 billion data records in 2017, 1.9 billion of which were lost or stolen due to human error or employee carelessness, security firm Gemalto's latest Breach Level Index report has revealed.
10 bn data records lost in 5 years
The index highlighted the alarming rate at which organisations across the world are suffering loss or theft of data records, be it enterprise or customer data, and that the rate of loss is increasing every year. Including the 2.5 billion data records lost in 2017 alone, the total number of data records lost since 2013 has exceeded 10 billion. In fact, the number of records stolen or lost in 2017 nearly doubled (up 88%) compared with 2016.
In the last five years, organisations have on average suffered the loss or theft of 5,053,490 records every day, 210,562 records every hour, 3,509 records every minute, or 58 records every second.
Common human errors or examples of employee carelessness such as improper disposal of records, misconfigured databases and other unintended security issues resulted in the loss of 1.9 billion data records globally in 2017, a rise of 580% in the number of compromised records compared to the previous year.
At the same time, over 600 million data records were lost to identity theft, which formed 69 percent of all data security incidents, and incidents that involved the loss of basic information such as name, address and/or phone number increased by 560% from 2016.
While 72 percent of all reported data breaches were orchestrated by malicious outsiders, such breaches resulted in the loss of only 23 percent of data. On the other hand, accidental loss was the cause of 18% of data breaches but still accounted for 76% of all compromised records.
33 mn data records compromised in the UK
In 2017, organisations based in the UK suffered the second-highest number of data security incidents in the world (80) after the United States, and suffered the loss or theft of over 33 million data records over the entire year. Out of the 33 million, around 26 million data records were lost by the NHS alone thanks to the WannaCry ransomware attack, which took place in May last year.
Even though malicious outsiders were behind 48 percent of data security incidents in the UK, the data loss owing to such attacks was minimal. On the other hand, 88% of all compromised records were accounted for by incidents of accidental loss that included improper disposal of records, misconfigured databases, and other unintended security issues.
"On the face of it, UK organisations’ security and data protection seem to be improving. However, with GDPR on the horizon it’s likely that the total amount of lost data will rise nearer in line with the US, who have had to publicly reveal breaches for a number of years," said Joe Pindar, Director of Product Strategy at Gemalto.
"Worryingly, for UK organisations, is the number of records being compromised due to accidental loss. Companies are clearly not controlling or even knowing where their sensitive customer data is, so when it comes to complying with key aspects of GDPR like the ‘Right to be Forgotten’, what hope is there that they will be able to remove customer data from all of their systems?
"Whilst human error is something that all organisations have to deal with, if it’s not correctly encrypted, data can easily be compromised if it got into the wrong hands. With just over a month to go, UK businesses don’t have a lot of time to get important points like this right," he added.