This year saw its fair share of data breaches, but the number of actual breaches was surprisingly lower than in 2012. However, the number of records reported stolen continues to rise.
In 2012, according to Privacy Rights Clearinghouse, all major organization types (healthcare, retail, financial, etc.) reported 684 breaches affecting nearly 28 million records. In 2013 the number of breaches dropped to 537, but the number of records more than doubled to 54.6 million. Of those 537 breaches reported in 2013, almost 200 (181 to be exact) were due to negligence, loss, and/or theft. While malicious and criminal attacks remain the most costly data breaches, the human factor (loss and negligence) still accounts for roughly two-thirds of data breaches.
The fines and costs for breached data are calculated on a per-record basis. Last year the average consolidated data breach cost was $130; this year that number has risen to $136. By industry, those numbers tell a different story. The three industries with the highest costs were: Healthcare ($233 per lost record), Financial ($215 per lost record), and Pharmaceuticals ($207 per lost record). Globally, the United States and Germany incur the most costly breaches: $188 per record in the U.S. and $199 per record in Germany. This was the only statistic to remain the same from last year.
In the U.S. this year we saw several large breaches at Target, LivingSocial, Adobe, and Facebook, each affecting several million to tens of millions of records. This infographic from InformationIsBeautiful.net beautifully shows the number and relative size of breaches from 2005 to present. It also has some great filters at the top that let you sort it by data sensitivity and by how the data was leaked.
Even though these industries were able to reduce the number of breaches that occurred, their severity has worsened. As we have stressed in the past, network security is important, but data at rest still accounts for more breaches per year.