With the first quarter of 2014 drawing to a close, now is a good time to review data breach news from the past four months and consider what that information may indicate about the state of cyber security in American businesses.
As of March 21, 2014, 191 data breaches had been reported, according to the Identity Theft Resource Center, which tracks such statistics. Those breaches exposed more than 4.2 million records, the ITRC reports. By comparison, there were 614 breaches in all of 2013, an average of 153.5 per quarter. Those breaches exposed nearly 92 million records, or about 23 million per quarter.
It looks like 2014 is already shaping up to outstrip last year in terms of the volume of breaches. As for the number of exposed records, we’ll take a wait-and-see approach.
Here’s how first-quarter 2014 data breach news shapes up:
- Not surprisingly, the medical and healthcare industry reported the highest number of breaches (98), but those breaches did not constitute the greatest number of compromised records (1.09 million).
- The business sector posted the highest number of compromised records, with more than 2.15 million exposed in just 53 breaches. However, 1.1 million of those records were from a high-profile retail breach that occurred late last year.
- Government and military ranked third, with 25 data breaches that exposed more than 194,000 records.
- While the education sector logged few breaches, with just eight, those incidents exposed more than 776,000 records – presumably most involving an age group (college kids) that is already at greater credit risk and identity theft.
- Also not surprisingly – given the industry’s emphasis on cyber security – the banking/credit and financial services industry logged the fewest number of breaches (seven) and exposed the fewest records (just less than 5,000).
While it’s far too early to call 2014 as a better or worse year for data breaches, a few clear messages have emerged from the stats we have to date:
- Healthcare continues to be a favored target for cyber criminals. Security practitioners in this industry will need to continue to be vigilant against a staggering array of cyber attacks.
- It’s apparent that cybercrime, in the form of data breaches, is not going away – or abating – any time soon.
- The diversity of breached organizations illustrates that whatever your industry, it’s imperative your company has a viable data breach response plan.