Page 4 - BLI Annual Report 2015
P. 4

BREACH LEVEL INDEX
DATA BREACHES
The one dominant characteristic
of data breaches in 2015 was
how much more personal they have become. The targeting of individuals’ identities and their personal information such as the data breaches involving the U.S. Office of Personnel Management, Anthem Insurance, and Experian exposed just how valuable this information has become to cybercriminals. While credit cards have built in security mechanisms that limit the exposure and risk
for individuals if they are stolen, theft of personally identifiable information is something totally different as more damage can be done with stolen identities and they are also more difficult to recover.
While 2015 might not have had
as many headline-grabbing data breaches as the previous year, it certainly saw a continuation of the large-scale assaults that have made cyber security a top priority for senior business executives and boards of directors at many companies. And what makes
the large-scale data breaches
of 2015 somewhat disconcerting is that they came despite the
fact that so many enterprises
are supposedly bolstering
their defenses in response to previous high-profile breaches.
Each of the five biggest breaches of the year resulted in the exposure of huge amounts
of personal information and identities. The most severe breach of 2015, which received the highest possible score in terms
of severity on the BLI, was an identity theft attack on Anthem Insurance. Other top breaches affected organizations including Turkey’s General Directorate
of Population and Citizenship Affairs, Korea’s Pharmaceutical Information Center, the
U.S. Office of Personnel Management and Experian.
social media and other sources. Never before has so much personally-identifiable information been available for potential theft.
Following are some of the most noteworthy examples of data breaches in 2015, including the number of records stolen, type
of breach and BLI risk assessment score. The score is calculated based on such factors as the
total number of records exposed, the type of data within the records, the source of the breach and
how the information was used.
The targeting of individuals’ identities and their personal information exposed just how valuable this information
has become to cybercriminals.
4
Since the Breach Level Index began tracking publicly disclosed data breaches in 2013, more
than 3.6 billion data records have been exposed. Surely the massive volumes of data theft reflects the fact that more information than ever is available for exposure, including data from mobile devices, online digital transactions,
A BLI score of 1 to 2.9 is classified as a minimal risk, 3 to 4.9 is moderate, 5 to 6.9 is critical,
7 to 8.9 is severe and 9 to 10 is catastrophic. The idea behind the scoring system in the BLI is to demonstrate that not all breaches have the same impact on organizations or the same amount of risk.


































































































   2   3   4   5   6