“Thanks to the combination of low risk detection and low barrier of entry into this type of activity, we anticipate open, unsecured data will continue to be an issue well into the new decade," said Inga Goddijn, Executive Vice President at Risk Based Security.
RICHMOND, Va. (PRWEB) February 12, 2020
Risk Based Security today released their 2019 Year End Data Breach QuickView Report, which finds that the total number of records exposed increased by 284% compared to 2018. In total, there were over 15.1 billion records exposed shattering industry projections. There were 7,098 breaches reported in 2019, a 1% increase on 2018, though the gap is anticipated to grow throughout Q1 2020 as more 2019 incidents come to light.
“2019 was a rough year for breach activity, with reported breaches reaching an all-time high and the number of records exposed up 284% compared to 2018,” commented Inga Goddijn, Executive Vice President at Risk Based Security. “As ghastly as those numbers are, there is much more to the story of 2019 and it’s not entirely bad news. One bright spot is that the number of incidents where sensitive data was accessible but not confirmed as taken increased to 22.6% of breaches, compared to 18% at the close of 2018. So while the total number of unique records exposed was very high for certain events, the number of individuals whose data was put at risk is far fewer.”
However, 2019 has lived up to its reputation for being “the worst year on record” for breach activity with more breaches reported, more data exposed, and more credentials dumped online. Since the release of Risk Based Security’s Q3 report three months ago, 7.2 billion records were compromised, with only four events accounting for 93.5% of those records. The cause? Open and misconfigured databases that were made publicly accessible to anyone motivated to seek them out.
“The interest in finding these rich sources of information shows little sign of abating,” commented Inga Goddijn, Executive Vice President at Risk Based Security. “Thanks to the combination of low risk detection and low barrier of entry into this type of activity, we anticipate open, unsecured data will continue to be an issue well into the new decade.”
The 2019 Year End Data Breach QuickView Report covers the data breaches reported between January 1st and December 31st, 2019. Key findings state that by NAICS economic sector, technology providers pushed the Information sector to the top spot for number of breaches, followed by the Healthcare sector. Looking further into the data breach landscape, hacking remains the top breach type for number of incidents and exposed the most records this year.
About Risk Based Security
Risk Based Security (RBS) provides detailed information and analysis on Data Breaches, Vendor Risk Ratings and Vulnerability Intelligence. Our products, Cyber Risk Analytics (CRA) and VulnDB, provide organizations access to the most comprehensive threat intelligence knowledge bases available, including advanced search capabilities, access to raw data via API, and email alerting to assist organizations in taking the right actions in a timely manner. In addition, our YourCISO offering provides organizations with on-demand access to high quality security and information risk management resources in one, easy to use web portal.
Cyber Risk Analytics (CRA) provides actionable threat intelligence about organizations that have had a data breach or leaked credentials. This enables organizations to reduce exposure to the threats most likely to impact them and their vendor base. In addition, our PreBreach vendor risk rating, the result of a deep-view into the metrics driving cyber exposures, are used to better understand the digital hygiene of an organization and the likelihood of a future data breach. The integration of PreBreach ratings into security processes, vendor management programs, cyber insurance processes and risk management tools allows organizations to avoid costly risk assessments, while enabling businesses to understand its risk posture, act quickly and appropriately to proactively protect its most critical information assets.