2019 on track to be the “worst year on record” for data breach activity

12th September 2019

The first six months of 2019 have seen more than 3,800 publicly disclosed breaches exposing an incredible 4.1 billion compromised records. 

3.2 billion of those records were exposed by just eight breaches. According to Risk Based Security research newly published in the 2019 MidYear QuickView Data Breach Report,

Three breaches have made the list for the ten largest breaches of all time. These alarming headlines demonstrate that more needs to be done to protect sensitive personal data. Data is now described as a commodity that requires the utmost protection, which it still isn’t getting even with the introduction of the GDPR.

“The majority of breaches reported this year had a moderate to low severity score,” the report stated and exposed 10,000 or fewer records.

This is important because many businesses wrongly assume that they are too small to be at threat of a data breach and that threat actors have no interest in them. In reality, it is all about the data, and small businesses often have tighter data security budgets and therefore, are seen as low hanging fruit. The big breaches make the headlines, but now that the GDPR has made it mandatory to report all breaches, we can now see that a higher ratio of smaller businesses are breached every day.

Interesting statistics

As for the exposed data itself, the report has email (contained in 70% of breaches) and passwords (65%) at the top of the pile.

60% of personal data breaches reported to the ICO in the first half of 2019 were the result of human error.

43% were the result of incorrect disclosure and 20% posting or faxing data to the wrong recipient.

Emailing information to incorrect recipients or failing to use the Bcc function accounted for 18%,

5% were caused by providing data in response to a phishing attack.

“All too often, organisations fixate on external threats, while the biggest cause of breaches remains the fallibility of people and an inherent inability of employees to send emails to the right person,” Tony Pepper, CEO at Egress, said. “Not every insider breach is the result of reckless or negligent employees, but regardless, the presence of human error in breaches means organisations must invest in technology that works alongside the user in mitigating the insider threat,” Pepper concluded.

RiskView can mitigate the risk of the insider threat by identifying any sensitive information that has been sent to a competitor, a personal address or even to a colleague that shouldn’t have access to that type of information. RiskView ensures that data governance is in place and provides evidence to demonstrate real compliance. Find out more > RiskView

View More Articles