Though 2018 Will Likely Not Surpass 2017 Numbers – Still Significant Year For Breach Activity

The number of publicly reported breaches keeps pace with recent years while a staggering 3.6 billion records are exposed.

Risk Based Security today announced the release of its 2018 Q3 Data Breach QuickView report, showing there have been 3,676 publicly disclosed data compromise events through September 30. Breach activity continues at a consistent pace for 2018, which although significant in level, will likely not reach the numbers we saw in 2017.

Q3 2018 Data Breach Report

Key Findings Through Q3 2018

  • 3,676 breaches have been reported through September 30, exposing approximately 3.6 billion records.
  • Compared to the same point in 2017, the number of reported breaches is down 8% and the number of exposed records is down approximately 49% from 7 billion.
  • The Business sector accounted for 38% of reported breaches, followed by Government (8.2%), Medical (7.8%) and Education (3.9%).  Nearly 43% of breached organizations could not be definitively classified.
  • Seven breaches exposed 100 million or more records with the 10 largest breaches accounting for 84.5% of the records exposed year to date.
  • The Business sector accounted for 63.6% of the records exposed followed by Unclassified at 34.8% and Government at 1.4%. The pattern from 2017 and the first 2 quarters of 2018 remains the same, with the Medical and Education sectors combined accounting for less than 1% of the total records exposed year to date.
  • Fraud remains in the top spot for the breach type compromising the most records, accounting for 35.7% of exposed records, while Hacking takes the lead in number of incidents, accounting for 57.1% of reported breaches.
  • 2018 continues to be marked by a lack of transparency, with 34.5% of breached organizations unwilling or unable to disclose the number of records exposed.

“The number of reported breaches shows some improvement compared to 2017 and the number of records exposed has dropped dramatically,” said Inga Goddijn, Executive Vice President for Risk Based Security. “However, an improvement from 2017 is only part of the story, since 2018 is on track to have the second most reported breaches and the third most records exposed since 2005. Despite the decrease from 2017, the overall trend continues to be more breaches and more ‘mega breaches’ impacting tens of millions, if not hundreds of millions, of records at once.”

A new metric Risk Based Security has been tracking in 2018 is the time interval between when a breach is discovered by the compromised organization to when the event is publicly disclosed. Overall the gap has been closing. However, looking at the averages for each of the five years, 2018 shows no improvement compared to 2017 despite mounting regulatory pressure to speed up public disclosure. With 34.5% of breached organizations unwilling or unable to disclose the number of records exposed, there’s clearly more progress to be made.

Hacking continues to be the leading cause of data compromise events, accounting for 57.1% of the disclosed breaches, however hacking is not responsible for the most records exposed. That dubious honor still belongs to Fraud, which accounts for 35.7% of the records exposed so far this year. Though rarely focused on, skimming is a continuing problem at ATMs and for gas station operators. Approximately 53% of the skimming events were discovered at ATMs and 42% found on gas pumps.

“After the curiously slow start to the year, we had hopes that 2018 might finally signal a change in the breach landscape. Unfortunately, it’s become clear that is not the case. In practically every way, 2018 is on track to be just as ugly as prior years. Insider actions, both in terms of malicious activity as well as mishandling assets, continue to drive the high volume of data exposed and any early signs that the number of incidents was on the decline has evaporated,” commented Ms Goddijn. She went on to add, “The primary difference between 2018 and 2017 is the lack of a catastrophic event like the WannaCry and Petya/NotPetya outbreaks that left an indelible mark on 2017. All it will take is another EternalBlue exploiting another widespread vulnerability to put us right back at at ‘worst year ever’ level of activity.”

Ms. Goddijn concluded, “Based on what we are seeing in our vulnerability research group, the chances are good that another Heartbleed or EternalBlue is just around the corner.”

About the Data Breach QuickView Report

The Data Breach QuickView report is possible through the research conducted by Risk Based Security. It is designed to provide an executive level summary of the key findings from RBS’ analysis of breach activity disclosed in 2018. Contact Risk Based Security for any focused analysis of the 2018 vulnerabilities of specific interest to your organization.

Get your copy of the 2018 Q3 Data Breach QuickView Report

Attend Our Q3 Data Breach Quick View Report Webinar

We invite you to attend “The Data Breach Landscape – Trends and Highlights Through September 2018”  webinar being held on November 14th at 11 a.m. CT where we’ll take a deeper dive into the Q3 Data Breach report.

Please click the link below to attend:

Register For The Data Breach Landscape Webinar

About Risk Based Security

Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.

VulnDB is the most comprehensive and timely vulnerability intelligence available and provides actionable information about the latest in security vulnerabilities via an easy-to-use SaaS Portal, or a RESTful API for easy integration into GRC tools and ticketing systems. VulnDB allows organizations to search on and be alerted to the latest vulnerabilities, both in end-user software and the third-party libraries or dependencies that help build applications. A subscription to VulnDB provides organizations with simple to understand ratings and metrics on their vendors and products, and how each contributes to the organization’s risk-profile and cost of ownership.

Cyber Risk Analytics (CRA) provides actionable threat intelligence about organizations that have had a data breach or leaked credentials. This enables organizations to reduce exposure to the threats most likely to impact them and their vendor base. In addition, our PreBreach vendor risk rating, the result of a deep-view into the metrics driving cyber exposures, are used to better understand the digital hygiene of an organization and the likelihood of a future data breach. The integration of PreBreach ratings into security processes, vendor management programs, cyber insurance processes and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to understand its risk posture, act quickly and appropriately to proactively protect its most critical information assets.

YourCISO provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.  YourCISO provides organization ready access to a senior executives and highly skilled technical security experts with a proven track record, matched specifically to your needs. The YourCISO service is designed to be an affordable long term solution for addressing information security risks.  YourCISO brings together all the elements an organization needs to develop, document and manage a comprehensive information security program.

For more information, please visit:

or call 855-RBS-RISK