2012 Sets New Record for Reported Data Breaches

[Erica Absetz <eabsetz () opensecurityfoundation org>]

http://www.riskbasedsecurity.com/2013/02/2012-sets-new-record-for-reported-data-breaches/

Risk Based Security’s 2012 Data Breach QuickView report, now available
for download, shows that 2012 broke the previous all-time record for
the number of reported data loss incidents. With 2,644 incidents
recorded through mid-January 2013, 2012 more than doubled the previous
highest year on record (2011). On a slightly positive note, although
the number of reported incidents increased, the number of records
exposed decreased. While over 267 million records were exposed in the
2,644 incidents, 2012’s total was significantly less than the 412
million records exposed in 2011.

The Business sector accounted for 60.6 percent of all 2012 reported
incidents, followed by Government (17.9%),Education (12.0%), and
Medical (9.5%). The Business sector accounted for 84.7 percent of the
number of records exposed, followed by Government (12.6%), Education
(1.6%), and Medical (1.1%).

76.8% of reported incidents were the result of external agents or
activity outside the organization with hacking accounting for 68.2% of
incidents and 22.8% of exposed records in 2012. Incidents involving
U.S. entities accounted for 40.7% of the incidents reported and 25.0%
of the records exposed.

The Data Breach QuickView report also revealed that individuals’
names, passwords, email addresses, and other miscellaneous data were
exposed in nearly 45% of reported incidents. In combination, this data
is more than enough information to commit identity fraud on a large
scale.

The latest information and research conducted by Risk Based Security
suggests that organizations in all industries should be on notice that
they face a very real threat from security breaches. Whether it is the
constantly increasing security threats, ever-evolving IT technologies
or limited security resources, data breaches and the costs related to
response and mitigation are escalating quickly. Organizations today
need timely and accurate analytics in order to better prioritize
security spending based on their unique risks.

About the Data Breach QuickView Report

The Data Breach QuickView report is possible through the partnership
and combined resources of the Open Security Foundation and Risk Based
Security. It is designed to provide an executive level summary of the
key findings from RBS’ analysis of 2012’s data breach incidents. The
report includes the results of research based on aggregating media
reports, news feeds, blogs, websites, and breach notification letters
looking for new data breaches and updates to known breaches.

Risk Based Security equips organizations with vulnerability
intelligence, data breach analytics, risk management services and
on-demand security solutions to establish customized risk-based
programs to address information security and compliance challenges. We
provide clear guidance and ensure that organizations are able to
implement the right security based on grounded data while making
solutions affordable. The security community is no longer confined to
limited data breach details and is now able to better focus on the
true risks to their organizations.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges.