Over 2.5 billion records stolen or compromised in 2017
Almost 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88 percent increase over the previous year.
Although data breach incidents decreased by 11 percent, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since Gemalto began its Breach Level Index in 2013.
The index shows that over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represents the leading type of breach, accounting for 69 percent.
Malicious outsiders remain the number one cybersecurity threat with 72 percent of all breach incidents last year. Companies in the healthcare, financial services and retail sectors were the primary targets for breaches last year. However, government and educational institutions were not immune to cyber risks in 2017, making up 22 percent of all breaches.
Accidental loss, including improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed. This represents a huge 580 percent increase in the number of compromised records from 2016.
"The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact," says Jason Hart, vice president and chief technology officer for data protection at Gemalto. "In the event that the confidentiality, or privacy, of the data is breached, an organization must have controls, such as encryption, key management and user access management, in place to ensure that integrity of the data isn’t tampered with and it can still be trusted. Regardless of any concerns around manipulation, these controls would protect the data in situ and render it useless the moment it's stolen."