2012 Sets New Record for Reported Data Breaches

Risk Based Security’s 2012 Data Breach QuickView report, now available for download, shows that 2012 broke the previous all-time record for the number of reported data loss incidents. With 2,644 incidents recorded through mid-January 2013, 2012 more than doubled the previous highest year on record (2011). On a slightly positive note, although the number of reported incidents increased, the number of records exposed decreased. While over 267 million records were exposed in the 2,644 incidents, 2012’s total was significantly less than the 412 million records exposed in 2011.

The Business sector accounted for 60.6 percent of all 2012 reported incidents, followed by Government (17.9%), Education (12.0%), and Medical (9.5%). The Business sector accounted for 84.7 percent of the number of records exposed, followed by Government (12.6%), Education (1.6%), and Medical (1.1%).

76.8% of reported incidents were the result of external agents or activity outside the organization with hacking accounting for 68.2% of incidents and 22.8% of exposed records in 2012. Incidents involving U.S. entities accounted for 40.7% of the incidents reported and 25.0% of the records exposed.

The Data Breach QuickView report also revealed that individuals’ names, passwords, email addresses, and other miscellaneous data were exposed in nearly 45% of reported incidents. In combination, this data is more than enough information to commit identity fraud on a large scale.

The latest information and research conducted by Risk Based Security suggests that organizations in all industries should be on notice that they face a very real threat from security breaches. Whether it is the constantly increasing security threats, ever-evolving IT technologies or limited security resources, data breaches and the costs related to response and mitigation are escalating quickly. Organizations today need timely and accurate analytics in order to better prioritize security spending based on their unique risks.

About the Data Breach QuickView Report

The Data Breach QuickView report is possible through the partnership and combined resources of the Open Security Foundation and Risk Based Security. It is designed to provide an executive level summary of the key findings from RBS’ analysis of 2012’s data breach incidents. The report includes the results of research based on aggregating media reports, news feeds, blogs, websites, and breach notification letters looking for new data breaches and updates to known breaches.

Risk Based Security equips organizations with vulnerability intelligence, data breach analytics, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. We provide clear guidance and ensure that organizations are able to implement the right security based on grounded data while making solutions affordable. The security community is no longer confined to limited data breach details and is now able to better focus on the true risks to their organizations.