More than 575 million data records lost or stolen in 2013

Over 1.5 million data records were lost or stolen every day in 2013.

  • Thursday, 20th February 2014 Posted 10 years ago in by Phil Alsop

SafeNet, Inc. has launched a new website that catalogues data breaches as they happen, and provides a methodology for security professionals to score the severity of breaches and see where they rank among publicly disclosed breaches. With 1,699,821 UK data records lost or stolen in 2013, the SafeNet Breach Level Index (BLI) provides a centralised global database of breaches and calculates the severity of data breaches across multiple dimensions based on breach disclosure information.


As well as serving as a benchmark for the industry, CIOs and CSOs can use the website to quickly classify the severity of a breach within their own companies when communicating the level of urgency with affected customers or partners. The resulting data can also be used in their own risk assessment and planning.


“Not all breaches are created or should be treated alike. The Breach Level Index helps us track and differentiate between an insecure breach, in which customer data is compromised and lost, and a secure breach, where data is stolen but cannot be deciphered by cybercriminals because it is encrypted, rendering it useless to them,” said Jason Hart, VP of Cloud Solutions, SafeNet. “Based on several factors, the Breach Level Index will assign a numerical score to indicate the severity of a given breach, and that number will be significantly lower if the organisation in question has successfully limited itself to a secure breach and maintained the integrity of its confidential data.”


2013 Data Breach Highlights
The Breach Level Index provides details into hundreds of individual data breaches across the globe that can be sorted by breach type and affected industries. For 2013, in which more than 1,000 data breaches and 575 million data records lost or stolen, 44 per cent of data breaches did not even disclose how many data records were exposed. Highlights from last year include:
· By Breach Type:
o Malicious outsiders: 57 per cent of data breaches
o Accidental loss: 27 per cent of data breaches
o Malicious insiders: 13 per cent of data breaches
o Hacktivists: 2 per cent of data breaches
o State-sponsored activity: <1 per cent of data breaches
· By Industry Type
o Healthcare
§ 31 per cent of data breaches and 2 per cent of data records lost or stolen
§ Average records lost per breach: 49,000
o Government
§ 17 per cent of data breaches and 10 per cent of data records lost or stolen
§ Average records lost per breach: 630,000
o Financial
§ 15 per cent of data breaches and 1 per cent of data records lost or stolen
§ Average records lost per breach: 112,000
o Retail
§ 8 per cent of data breaches and 29 per cent of data records lost or stolen
§ Average records lost per breach: 6.6 million
o Technology
§ 11 per cent of breaches and 43 per cent of data records lost or stolen
§ Average records lost per breach: 5.7 million
o Other industry sectors
§ 23 per cent of breaches and 13 per cent of data records lost or stolen
§ Average records lost per breach: 619,000
· By Time:
o 1,576,555 data records lost or stolen every day
o 65,690 data records lost or stolen every hour
o 1,094 data records lost or stolen every minute
o 18 data records lost or stolen every second


SafeNet first collaborated with industry analyst firm IT-Harvest to develop the algorithmic formula used to determine breach severity in 2013. When calculating the severity of data breaches, the BLI factors in multiple inputs, including data type, number of records stolen, breach source, and whether or not the high-value data remained secure after the breach was discovered. These inputs are then processed through a proprietary algorithm that produces an index number, with 1 being least severe and 10 being most severe.


A New Mindset for Data Protection: Secure the Breach
The unprecedented surge in recent data security breaches demonstrates that conventional breach prevention strategies alone cannot protect data. In addition, increased investments in perimeter-based security cannot adequately secure the growing volume and changing nature of data that is constantly being accessed, moved, shared, and stored in virtualised and cloud environments and mobile devices. The perimeter no longer exists, thus creating vast new points of vulnerability. When the inevitable breach occurs, organisations must be prepared to secure the breach by attaching security directly to the data.


SafeNet’s data protection solutions help companies move to a Secure the Breach mindset when it comes to security. This means accepting that breaches will eventually occur and attaching security directly to data with strong authentication, encryption, and crypto management.
· SafeNet Encryption – Delivers unmatched coverage—securing databases, applications, personally identifiable information (PII), and storage in the physical and virtual data centre, and the cloud. It also provides the critical key management needed to effectively and efficiently enable protection across the enterprise wherever data resides.

· SafeNet Crypto Management – Centrally, efficiently, and securely manages cryptographic keys and policies across the key management lifecycle and throughout the enterprise, both in the cloud or on-premises.
· SafeNet Authentication – Offers flexible service delivery, which simplifies authentication implementation and management through automated processes, which drastically reduces the time and cost of provisioning, administration, and managing users and tokens compared to traditional authentication models.