Data Breach Trends & Stats

Data Breach Trends

  • Human errors and systems glitches caused nearly two-thirds of data breaches globally in 2012, while malicious or criminal attacks are the most costly everywhere at an average of $157 per compromised record.

2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec, June 2013

  • Malicious attacks (defined as a combination of hacking and insider theft) accounted for nearly 47 percent of the recorded breaches in 2012 in the United States.  Hacking attacks were responsible for more than one-third (33.8 percent) of the data breaches recorded.

A Chronology of Data Breaches, Privacy Rights Clearinghouse, 2012

  • Worldwide, approximately 1.1 million identities were exposed per breach, mainly owing to the large number of identities breached through hacking attacks. More than 232.4 million identities were exposed overall during 2011. Deliberate breaches mainly targeted customer-related information, primarily because it can be used for fraud.

Internet Security Threat Report Volume 17, Symantec, April 2012

  • Companies in the computer software, IT and healthcare sectors accounted for 93 percent of the total number of identities stolen in 2011. Theft or loss was the most frequent cause, across all sectors, accounting for 34.3 percent, or approximately 18.5 million identities exposed in 2011.

Internet Security Threat Report Volume 17, Symantec, April 2012

  • Incidents involving hacking and malware were both up considerably in 2011, with 81 percent utilized some form of hacking and malware incorporated in 69 percent of data breaches.

2012 Data Breach Investigations Report (DBIR), Verizon Business, April 2012

  • Most data breach victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack; 79 percent of victims were targets of opportunity, and 96 percent of attacks were not highly difficult.

2012 Data Breach Investigations Report (DBIR), Verizon Business, April 2012

  • In a 2010 study, 46 percent of the lost laptops contained confidential data, only 30 percent of those systems were encrypted, and only 10 percent had other anti-theft technologies.

The Billion Dollar Lost Laptop Study, Ponemon Institute and Intel Corp., December 2010

Data Breach by the Numbers:

  • Total number of records containing sensitive personal information involved in security breaches in the United States is 608,087,870 in 3,763 data breaches since January 2005.

A Chronology of Data Breaches, Privacy Rights Clearinghouse, June 2013

  • According to DataLossDB, there have so far been 500 data breach incidents globally in 2013 and there were 1,612 incidents in 2012.

DataLossDB, Open Security Foundation’s formerly Attrition.org, June 2013

  • In 2012, the Identity Theft Resource Center (ITRC) documented 447 breaches in the United States, exposing 17,317,184 records. In the first half of 2013, there have so far been 255 incidents, exposing 6,207,297 records.

ITRC Breach Report, Identity Theft Resource Center, May 2013

Data Loss and Its Costs:

  • Globally, the cost of a data breach averaged $136 per compromised record, up from $130 the previous year.

2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec, June 2013

  • In the United States, data breach incidents cost companies $194 per compromised record. The average total cost per company that report a data breach in 2012 was down slightly at $5.4 million.

2013 Cost of a Data Breach: Global Analysis, Ponemon Institute and Symantec, June 2013

  • Through 2016, the financial impact of cybercrime will grow 10 percent per year due to the continuing discovery of new vulnerabilities.

Gartner Top Predictions for 2012: Control Slips Away, Gartner, December 2011

  • The average value of a lost laptop is $49,246 and the data breach costs represent 80 percent of the total cost of a lost laptop compared to two percent for replacing the computer. Encryption on average can reduce the cost of a lost laptop by more than $20,000.

The Billion Dollar Lost Laptop Study, Ponemon Institute and Intel Corp., December 2010

Data Breach Stats by Industry:

Medical/Healthcare Sector

  • The average cost per record of a healthcare data breach in 2011 was $240, which is 24 percent higher than average. Healthcare data breaches are the fourth highest by industry, behind the financial, pharmaceutical and communications sectors. (2011Annual Study: Cost of a Data Breach).

2011 Cost of a Data Breach: United States, Ponemon Institute and Symantec, March 2012

  • Thus far in 2013, 48 percent of reported data breaches in the United States have been in the medical/healthcare industry. In 2012, there were 154 breaches in the medical and healthcare sector, accounting for 34.5 percent of all breaches in 2012, and 2,237,873 total records lost.

ITRC Breach Report, Identity Theft Resource Center, May 2013

  • Since 2005, 25 percent of data breaches recorded by the Privacy Rights Clearinghouse were in the medical/healthcare sector, exposing 24,662,225 records.

A Chronology of Data Breaches, Privacy Rights Clearinghouse, June 2013

  • Since 2002, 16 percent of data loss incidents globally involved the medical sector. Last year, 15 percent of data breaches recorded on DataLossDB involved the medical sector.

DataLossDB, Open Security Foundation’s formerly Attrition.org, June 2013

Financial Sector

  • In 2011, the average cost per record of a data breach in the financial sector was the third highest at$247, and 27 percent higher than average. (2010 Annual Study: Cost of a Data Breach).

2011 Cost of a Data Breach: United States, Ponemon Institute and Symantec, March 2012

  • Thus far in 2013, 3.5 percent of reported data breaches in the United States were in the financial services sector. In 2012, financial services data breaches accounted for 3.8 percent of all reported data breaches and 470,048 total records.

ITRC Breach Report, Identity Theft Resource Center, May 2013

  • Since 2005, 13 percent of data breaches globally recorded by the Privacy Rights Clearinghouse were in the financial sector, exposing 256,217,888 records.

A Chronology of Data Breaches, Privacy Rights Clearinghouse, June 2013

Education Sector

  • The education sector has one of the lowest costs of data breach at $142 per lost record, which is 27 percent lower than average.

2011 Cost of a Data Breach: United States, Ponemon Institute and Symantec, March 2012

  • In the first half of 2013, 7.5 percent of reported data breaches in the United States were in the education sector and have exposed 168,145 records. In 2012, 13.6 percent of all reported data breaches were in the educational sector (2,304,663 records).

ITRC Breach Report, Identity Theft Resource Center, May 2013

  • Since 2005, 18 percent of data breaches recorded in the United States by the Privacy Rights Clearinghouse were in the education sector, exposing 10,695,778 records.

A Chronology of Data Breaches, Privacy Rights Clearinghouse, June 2013

  • 14 percent of data loss incidents globally since 2002 involved the education sector. Last year, 12 percent of data breaches recorded on DataLossDB involved the education sector, less than any other industry sector.

DataLossDB, Open Security Foundation’s formerly Attrition.org, June 2013

Insider IP Theft Trends

  • The majority of IP theft is committed by current male employees averaging about 37 years of age who serve in positions including engineers or scientists, managers and programmers.
  • About 65 percent of employees who commit insider IP theft had already accepted positions with a competing company or started their own company at the time of the theft. About 20 percent were recruited by an outsider who targeted the data. More than half steal data within a month of leaving.
  • Three-fourths (75 percent) of insiders stole material they were authorized to access and trade secrets were stolen in 52 percent of cases.
  • The majority of insider IP thieves (54 percent) used a network – email, a remote network access channel or network file transfer to remove the stolen data. However, most insider IP theft was discovered by non-technical staff members.

Behavioral Risk Indicators of Malicious Insider IP Theft: Misreading the Writing on the Wall,

Eric D. Shaw, Ph.D., Harley V. Stock, Ph.D., December 2011

More Resources:

Data Security/Privacy Experts:

Symantec has several experts in the area of data breaches and data loss prevention that are happy to provide you with comment and background. Please contact us.

Useful URLs: