Page 4 - BLI Annual Report 2015
BREACH LEVEL INDEX DATA BREACHES The increased targeting of individuals’ identities and their personal information such as the data breaches involving Government and Healthcare organizations exposed just how valuable this information has become to cybercriminals. While credit cards have built in security mechanisms that limit the exposure and risk for individuals if they are stolen, theft of personally identi able information is something totally different as more damage can be done with stolen identities and they are also more dif cult to recover. While 2016 might not have had as many headline-grabbing data breaches as of yet, it certainly has seen a continuation of the large-scale assaults that have made cyber security a top priority for senior business executives and boards of directors at many companies. And what makes the large-scale data breaches somewhat disconcerting is that they came despite the fact that so many enterprises are supposedly bolstering their defenses in response to previous high-pro le breaches. Since the Breach Level Index began tracking publicly disclosed data breaches in 2013, more than 4.8 billion data records have been exposed. Surely the massive volumes of data theft re ects the fact that more information than ever is available for exposure, including data from mobile devices, online digital transactions, social media and other sources. Never before has so much personally-identi able information been available for potential theft. Following are some of the most noteworthy examples of data breaches so far in 2016, including the number of records stolen, type of breach and BLI risk assessment score. The score is calculated based on such factors as the total number of records exposed, the type of data within the records, the source of the breach and how the information was used. A BLI score of 1 to 2.9 is classi ed as a minimal risk, 3 to 4.9 is moderate, 5 to 6.9 is critical, 7 to 8.9 is severe and 9 to 10 is catastrophic. The idea behind the scoring system in the BLI is to demonstrate that not all breaches have the same impact on organizations or the same amount of risk. The increased targeting of individuals’ identities and their personal information exposed just how valuable this information has become to cybercriminals. 4 Information Center, the U.S. Of ce of Personnel Management and Experian.