Current estimates put the number of worldwide Internet users at about three billion. In 2014 – according to new analysis – one record was stolen for every three of them. 76% of incidents affected North America, and identity theft was the main motivator for cyber criminals…
We knew that 2014 was a bad year for data breaches – scarcely a month went by without news of another large-scale incident – but Gemalto’s recently released 2014 Breach Level Index (2014: Year of Mega Breaches & Identity Theft) has now added some statistical heft to estimates of the scale of the problem. And it appears to have been much worse than we first thought.
The report notes that:
“[More] than 1,500 data breaches led to one billion data records compromised worldwide during 2014. These numbers represent a 49% increase in data breaches and a 78% increase in data records that were either stolen or lost compared to 2013.”
The scale of 2014’s incidents is staggering: eBay lost 145 million records, Home Depot 109 million, and JPMorgan Chase 83 million. There were also countless other incidents, all of which affected everyday Americans’ personal information.
Other notable findings
The report also found that:
- 76% of 2014’s incidents affected North America.
- 54% of data breaches were identity theft-based.
- The retail sector suffered 55% of the total number of breached records.
- 55% of incidents were the work of malicious outsiders.
- Only 4% of incidents involved encrypted data.
That last statistic requires further comment. Of all the incidents in 2014, only 4% of them – that’s 58 in total – involved “data that was encrypted in part or in full”. This is simply astonishing. Organizations are increasingly at risk of attack, the volume of data at risk is enormous, and yet sensible precautions seem to be largely ignored.
If your organization collects, processes, or holds information, it must take responsibility for it.
A responsible approach to data security
ISO 27001 is the international standard for information security management. It sets out the requirements of a risk-based information security management system – an enterprise-wide approach to data security that encompasses people, processes, and technology.
An ISO 27001-compliant ISMS, developed and maintained according to defined risk acceptance and rejection criteria, is an extremely useful management tool: because information security decisions are informed by an assessment of the risks to information assets, any expenditure on controls can be balanced against the business harm likely to result from security failures.
ISO 27001 implementation the easy way
IT Governance has led hundreds of ISO 27001 registrations around the world, and has now developed a series of fixed-price ISO 27001 Packaged Solutions to allow organizations of all sizes, sectors, and locations to implement the Standard at a speed and for a budget appropriate to their individual needs.
The ISO 27001 Get A Lot Of Help Package combines core ISO 27001 standards and implementation guidance with key implementation tools, attendance at our Live Online masterclasses, and our unique Mentor and Coach service – all at a fixed price. What’s more, if you order online you’ll get a 10% discount.
For further guidance on implementing cybersecurity best practices in your organization, sign up for our free webinar: