There were 781 data breaches last year, and 783 in 2014, the highest ever, Statista’s figures show– although remember that, since many data breaches take six or more months to discover, 2015’s figures may yet be adjusted.
In 2015, nearly 170 million records were exposed, just under twice the 85.6 million exposed in 2014 – but again the figures for 2015 may have to be adjusted upwards over time.
Still, it appears that security’s improving – 2009 saw the all-time high for the number of records exposed – about 222 million.
Insider threats played a major role in these breaches - employee negligence and employee theft ranked first and third in the top five causes of 160 breaches law firm BakerHostetler worked on in 2014
Employee negligence was the cause in 36 percent and insider theft in 16 percent of the cases. Healthcare organizations topped the list of those affected; education; financial services; retail insurance; technology; entertainment; and hospitality were the other sectors hit by breaches.
Attorneys General were notified in 59 cases, triggering inquiries 31 percent of the time; multi-state inquiries were initiated less than 5 percent of the time; credit monitoring was offered in 67 percent of the incidents; 58 percent of the incidents required notification of affected individuals; five companies faced litigation by potentially affected individuals; and, for incidents involving stolen payment card data, companies faced fines ranging from $5,000 to $50,000 for each instance of non-compliance with PCI data security standards. Between $3 and $25 was initially demanded for operating expense and fraud assessments per card involved.
The average consolidated total cost of a data breach in 2014 was $3.8 million, according to the Ponemon Institute’s 2015 Global Cost of Data Breach study, which covered 350 companies in 11 countries.
That was 23 percent higher than in 2013. It’s getting more expensive to resolve security incidents, which are increasing in frequency, Ponemon Institute founder and chairman Dr. Larry Ponemon said. Also, the financial consequences of losing customers are impacting the cost more, and investigations, assessments and crisis team management are getting more expensive.
Right here the truth of that old saw about an ounce of prevention being worth a pound of cure is apparent – spot potential insider threats and save millions of dollars and hundreds of hours of time dealing with the results of a breach, and with the resulting legal and business fallouts.
Here’s where Proofpoint ITM can help: It offers threat detection so companies know which users are putting them at risk and why; user behavior analytics to help identify abnormal user behavior and malicious activity; and data loss prevention, helping companies detect early indicators of risk before data gets lost or stolen from the enterprise network or servers.