The number of data breaches that have happened since 2005 is larger than most people realize. With dozens happening every year and increasing in frequency from year to year, this has been a huge problem for corporations for over a decade. Companies like Target, Anthem, and Living Social lose millions of customers’ data every time it happens. This big data full of personal information is a goldmine for hackers who want to commit identity theft.
If data breaches are so serious, it’s hard to imagine that better protection hasn’t become available. Unfortunately, a number of factors come into play when looking at the problem. Combine a lack of IT security talent, a lack of room in company budgets to hire them, and technology that can’t keep up with hackers and the recipe for widespread data breaches is born.
Data breaches in 2014 were considerable. All types of companies are affected, and the kind of information stolen depends on what kind of information companies had about their customers or clients in the first place. The five companies affected most in 2014 were E-Bay, Chase, the Home Depot, Community Health Systems, and Michaels.
Who Do Data Breaches Affect?
Data breaches aren’t just dangerous for companies; the main goal of a data breach is to collect as much information about as many individuals as possible. This means names, addresses, social security numbers, credit card numbers, health information, and so much more. The data might never make it to a public place on the internet; that doesn’t mean it wasn’t compromised. E-Bay’s data breach affected 145 million people. Chase’s data breach reached 76 million people and seven million small businesses.
It often takes companies months to realize a data breach happened. The shortest response time came from E-Bay, Chase, and Community Health Systems. Each of those three companies detected the breach within three months. Michaels, on the other hand, took 11 months to realize that they had a security issue, as this Top Ten Reviews infographic shows.
How Much Do they Cost?
E-Bay and Chase haven’t yet calculated how much these data breaches will cost them, but for Community Health Systems, they estimate the cost at somewhere between 70 and 150 million dollars. The average cost for a company’s data breach is 3.5 million dollars, or $201 per compromised record.
Data breaches don’t just cost companies in dollars. They affect reputation, too. Reputation, brand value, and market image all take huge hits when a company suffers a data breach. Customers worried about identity theft and other forms of internet fraud need to be able to trust that their information is safe when they provide it to a company.
How Do they Happen?
Forty-four percent of data breaches happen because of malware, which often travels via email, but companies remain unprotected. The Ponemon Institute’s study on data breaches revealed that 68 percent of companies surveyed have no email encryption programs in place, and 51 percent had malware in their e-mail systems in the past 18 months. Worse, 55 percent didn’t know if they could count on their employees not to count on suspicious links or phishing scams sent via email.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.