Page 4 - BLI Annual Report 2016
BREACH LEVEL INDEX DATA BREACHES

capitalists and others who have had their phone numbers hijacked and suffered financial losses.

Also notable about 2016 is that it was a year in which the scale of records lost, stolen or compromised during data breaches was much larger than in previous years. The key implication of this is that hackers are casting a wider net whenever they launch an attack against a given target.

Hackers and other attackers launched 1,792 data breaches worldwide in 2016, according to Gemalto’s BLI. The number of breaches was actually down 4% from 1,866 the year before, but still significant and damaging when you consider that almost 1.4 billion data records were lost or stolen in 2016 compared with 740 million in 2015. That represents an increase of 86%.

According to the BLI, malicious outsiders such as hackers and cyber criminals were by far the leading source of data breaches in 2016. Once again, identity theft was the most common type of breach. Of the industry sectors, healthcare was easily the hardest hit with breaches. And in terms of geography, the United States and North America had by far the largest numbers of disclosed breaches during the year.

Following are some of the most notable data breaches in 2016, including the number of compromised records, type of breach, and the BLI risk assessment score. The score is calculated based on factors such as the number of records breached, the source of the breach, and how the stolen information was used. A score of 1 to 2.9 is classified as a minimal risk, 3 to 4.9 is moderate, 5 to 6.9 is critical, 7 to 8.9 is severe and 9 to 10 is catastrophic. The point of the scoring system in the BLI is to demonstrate that not all breaches have the same impact on organizations or the same amount of risk.

Many of the top breaches were through account access and identity theft. Once again cyber security efforts are not preventing attacks from being successful.
Given that in some cases the number of records involved in a breach is not disclosed, the actual number of records lost and stolen in data breaches might be a lot higher. In other instances, like Yahoo!, it can take years for companies to identify or disclose a breach. But the numbers that are available on breaches and records stolen in 2016 are eye-opening, and once again show that cyber security efforts are not preventing these attacks from being successful.

And consider that 936 out of the 1,792 breaches had an unknown amount of data records involved, because the information was not publicly available in the breach disclosure. This is noteworthy as it reflects the difficulty of knowing exactly how many people’s records have been affected. Breach disclosure laws only require certain things, such as informing people if they have been affected.