Findings of First Half 2016 Breach Level Index
records up 31% compared to previous six months
– Identity and personal data theft account for 64% of all data breaches
– Healthcare organizations account for nearly one-third of all data breaches
NL0000400653 GTO), the world leader in digital security, today released the
findings of the Breach Level Index revealing that data breaches increased 15%
in the first six months of 2016 compared to the last six months of 2015.
Worldwide, there were 974 reported data breaches and more than 554 million
compromised data records in the first half of 2016, compared to 844 data
breaches and 424 million compromised data records in the previous six months.
In addition, 52% of the data breaches in the first half of this year did not
disclose the number of compromised records at the time they were reported.
The Breach Level Index is a global database that
tracks data breaches and measures their severity based on multiple dimensions,
including the number of records compromised, the type of data, the source of
the breach, how the data was used, and whether or not the data was encrypted.
By assigning a severity score to each breach, the Breach Level Index provides a
comparative list of breaches, distinguishing data breaches that are a not
serious versus those that are truly impactful.
According to the Breach Level Index, more than
4.8 billion data records have been exposed since 2013 when the index began
benchmarking publicly disclosed data breaches. For the first six months of
2016, identity theft was the leading type of data breach, accounting for 64% of
all data breaches, up from 53% in the previous six months. Malicious outsiders
were the leading source of data breaches, accounting for 69% of breaches, up
from 56% in the previous six months.
“Over the past twelve months hackers have
continued to go after both low hanging fruit and unprotected sensitive personal
data that can be used to steal identities,” said Jason Hart, Vice
President and Chief Technology Officer for Data Protection at Gemalto.
“The theft of user names and account affiliation may be irritating for
consumers, but the failure of organizations to protect sensitive personal
information and identities is a growing problem that will have implications for
consumer confidence in the digital services and companies they entrust with
their personal data.”
Across industries, the healthcare industry
accounted for 27% of data breaches and saw its number of data breaches increase
25% compared to the previous six months. However, healthcare represented just
5% of compromised data records versus 12% in the previous six months.
Government accounted for 14% of all data breaches, which was the same as the
previous six months, but represented 57% of compromised records. Financial
services companies accounted for 12% of all data breaches, a 4% decline
compared to previous six months, but accounted for just 2% of compromised data
records. Retail accounted for 11% of data breaches, and declined 6% versus the
previous six months, and accounted for 3% of compromised data records. Education
accounted for 11% of data breaches and represented less than one percent of all
compromised records. All other industries represented 16% of data breaches and
16% of compromised data records.
In terms of top three geographic regions for
reported data breaches, 79% were in North America, 9% were in Europe, and 8%
were in Asia-Pacific.
Breach Level Index: Understanding That Not All
Data Breaches Are Equal in Severity
“As data breaches continue to grow in
frequency and size, it is becoming more difficult for consumers, government
regulatory agencies and companies to distinguish between nuisance data breaches
and truly impactful mega breaches,” said Jason Hart, Vice President and
Chief Technology Officer for Data Protection at Gemalto. “News reports
fail to make these distinctions, but they are important to understand because
each have different consequences. A breach involving 100 million user names is
not as severe as a breach of one million accounts with social security numbers
and other personally identifiable information that are used for financial
“In this increasingly digital world,
companies, organizations and governments are storing greater and greater
amounts of data that has varying levels of sensitivity. At the same time, it is
clear that data breaches are going to happen and that companies need to shift
from a total reliance on breach prevention to strategies that help them secure
the breach. That is why more focus needs to be understanding what really
constitutes sensitive data, where it is stored, and using the best means to
defend it. At the end of the day, the best way to protect data is to kill it.
That means ensuring user credentials are secured with strong authentication and
sensitive data is protected with encryption so it is useless to the
For a full summary of data breach incidents by
industry, source, type and geographic region, download the H1 2016 Breach Level
Index Report. http://www6.gemalto.com/breach-level-index-report-1H-2016-press-release
– Infographic: H1 2016 Breach Level Index http://breachlevelindex.com/assets/Breach-Level-Index-Infographic-H1-2016-1500.jpg
– Web Site: Breach Level Index http://breachlevelindex.com/
– Blog Post: 2016 Data Breach Statistics http://www6.gemalto.com/data-breaches-h1-2016?
– White Paper: Secure the Breach Manifesto http://www6.gemalto.com/bli-16/breach-manifesto
– Web Site: Secure the Breach http://www.securethebreach.com/