Over 1,900 breaches reported in the first three months of 2019, a new Q1 record
May 7, 2019 • RBS
Risk Based Security today announced the release of its Q1 2019 Data Breach QuickView Report, which found that there were 1,903 publicly disclosed data compromise events in the first three months of the year, exposing over 1.9 billion records. No other first quarter has seen this level of activity, putting 2019 on pace to be yet another “worst year on record” for the number of publicly reported breaches.
“The number of data leaks – both in the form of open, unsecured services and credentials leaks – reached new levels this quarter,” commented Inga Goddijn, executive vice president and head of Cyber Risk Analytics. “Researchers are increasingly going public when they discover sizable, unprotected databases containing sensitive information and unfortunately, they aren’t terribly difficult to find when you know where to look.” The report finds that 67.6% of records compromised in Q1 were due to exposure of sensitive data on the Internet.
A particular area of interest for the research team is breach event timelines. Throughout 2018, the QuickView Reports focused on analysis of the time interval between the date an incident is first discovered by the breached organization and the date the incident is first publicly disclosed. Initial research indicated the gap between discovery and disclosure incrementally shrank from 2014 through the first quarter of 2018, but stalled for the remainder of the year.
This lack of improvement prompted a new focus for 2019: digging deeper into the factors that may be influencing why some organizations are quicker to disclose a breach than others. This quarter, analysis focused on whether there is a correlation between discovery method and time to disclose. The theory was that organizations that are better able to detect a breach will also be better positioned to respond swiftly.
In an interesting twist, the data did indeed show there is a correlation between discovery method and time to disclose, but it was not the expected outcome. In Q1 2019, organizations that were alerted to the event from external sources – such as law enforcement, researcher or customer reporting, fraud monitoring or actor disclosure – were on average 31 days quicker to publicly disclose the event than organizations that learned of the incident through internal sources.
“Clearly our hypothesis, that organizations finding their own breaches will report them faster, was dead wrong this quarter,” commented Ms. Goddijn. “We will be following this metric closely throughout the year. For now, it’s too early to say whether the result we found for this quarter is an outlier or a fairly typical outcome.”
About the Data Breach QuickView Report
The Data Breach QuickView Report is made possible through the research conducted by Risk Based Security and Cyber Risk Analytics. It is designed to provide an executive-level summary of the key findings from RBS’ analysis of breach activity disclosed in the first quarter of 2019. Contact Risk Based Security for any focused analysis of the breaches of specific interest to your organization.
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.
Cyber Risk Analytics (CRA) provides actionable threat intelligence about organizations that have had a data breach or leaked credentials. This enables organizations to reduce exposure to the threats most likely to impact them and their vendor base. In addition, our PreBreach vendor risk rating, the result of a deep view into the metrics driving cyber exposures, is used to better understand the digital hygiene of an organization and the likelihood of a future data breach. The integration of PreBreach ratings into security processes, vendor management programs, cyber insurance processes and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to understand their risk posture and act quickly and appropriately to proactively protect their most critical information assets.