Number of data breaches falls but 2018 is still set to be the second worst year on record
In the final quarter of 2018, the number of reported breaches is down by eight percent and the number of exposed records is down around 49 percent, from seven billion in 2017.
The latest Data Breach QuickView report from Risk Based Security shows that seven breaches exposed 100 million or more records with the 10 largest breaches accounting for 84.5 percent of the records exposed this year to date.
"The number of reported breaches shows some improvement compared to 2017 and the number of records exposed has dropped dramatically," says Inga Goddijn, executive vice president at Risk Based Security. "However, an improvement from 2017 is only part of the story, since 2018 is on track to have the second most reported breaches and the third most records exposed since 2005. Despite the decrease from 2017, the overall trend continues to be more breaches and more 'mega breaches' impacting tens of millions, if not hundreds of millions, of records at once."
A new metric that Risk Based Security has been tracking in 2018 is the time interval between when a breach is discovered and when the event is publicly disclosed. Overall, the gap has been closing over the last few years. However, looking at the averages, 2018 shows no improvement compared to 2017 despite mounting regulatory pressure to speed up public disclosure. With 34.5 percent of breached organizations unwilling or unable to disclose the number of records exposed, there's clearly more progress to be made.
Hacking is still the leading cause of data compromise events, accounting for 57.1 percent of the disclosed breaches. However, hacking is not responsible for the most records exposed. That dubious honor still belongs to fraud, which accounts for 35.7 percent of the records exposed so far this year. Though rarely focused on, skimming is a continuing problem at ATMs and for filling station operators. Approximately 53 percent of the skimming events were discovered at ATMs and 42 percent were found on gas pumps.
Goddijn adds, "The primary difference between 2018 and 2017 is the lack of a catastrophic event like the WannaCry and Petya/NotPetya outbreaks that left an indelible mark on 2017. All it will take is another EternalBlue exploiting another widespread vulnerability to put us right back at 'worst year ever' level of activity."
You can read more about the findings in the full report, which is available from the Risk Based Security site.