Last year was the second-biggest ever for data breaches around the world, a new report has revealed, with more than five billion records being stolen by hackers in around 6,500 breaches.
This is according to research from Risk Based Security, which noted that despite this huge volume, incidents were down overall from 2017 – at least for now. The company observed that 2018 showed an unusual pattern for breach activity, with the year starting slowly before the number of disclosure grew as the months passed, so it still may be the case that any new disclosure could result in the final figure surpassing 2017.
However, Inga Goddijn, executive vice-president of Risk Based Security, said that overall, she is encouraged by the figures from last year.
"The number of records exposed did come down about 36 per cent compared to last year and while the number of breaches is still quite high, we did not see a repeat of widespread events like WannaCry and Petya/NotPetya," she stated. "After year upon year of bad news, we’ll take improvement where it can be found."
One area for concern was that little progress appears to have been made when it comes to disclosing any breaches, despite the implementation of new legislation such as GDPR that greatly tighten the rules for reporting incidents in a timely manner.
Ms Goddijn said: "We assumed awareness of GDPR reporting requirements would put pressure on organisations to continue to close the gap. So it was surprising to see 2018 end at an average of 49.6 days [between discovery and disclosure], slightly above 2017’s average of 48.6 days."
Hacking by malicious external actors made up the majority of breaches (57.1 per cent), while insider breaches – whether accidental or malicious – accounted for 14 per cent of incidents.
However, it was web breaches, which made up 39.3 per cent of incidents, that exposed the greatest number of records. Overall, more than 60 per cent of breaches exposed email addresses, and about 57 per cent gathered involved passwords.
On the other hand, the proportion of breaches that exposed the most valuable personal data was relatively small, with 13.9 per cent exposing Social Security Numbers and 12.3 per cent including credit or debit card details.