Symantec Study Shows Data Breaches Increased 23% in 2014

It is April, which means the release of the Symantec Annual Internet Security Report. Each year the security software company releases a report compiled from the data that it collected during the course of the past year. The report – which can be viewed here – is an insight into the general state of cybersecurity. The figures show the number of security breaches rose 23% in 2014.

The report covers all industries, including healthcare, with the bulk of data breach victims affected by retail industry security breaches. Hacking incidents caused data to be exposed on a monumental scale and while there were fewer “mega-breaches” in 2014 – 4 breaches of more than 10 million records compared to 8 the previous year – the report states that data breach incidents are still a major issue. Hackers were responsible for a large number of the additional 23% of security breaches.

The report suggests that there were fewer cases of identity exposure in spite of the overall 23% rise, noting that “this could indicate that many breaches—perhaps the majority—go unreported or undetected.” Some industries are not heavily regulated, and while it is a legal requirement to report data breaches in the financial and healthcare sectors, in others there is less of an obligation to make a public announcement. The report found that a fifth of data breaches are not reported, which represents a 7% rise year on year.

2014 Security Breach Report Figures

The report indicates there were 312 security breaches in total in 2014 compared to 253 in 2013. The total number of identities exposed in these incidents was 348 million, compared to 552 million in 2013. The average number of identities per breach fell by half from 2.2 million in 2013 to 1.1 million in 2014. The median identities exposed per breach rose from 6,777 in 2013 to 7,000 in 2014.

It was a bad year for the retail industry, which, with 205 million identities exposed, registered more than double the number of exposed identities of the financial, healthcare, and government and public sectors combined. The financial industry was second with 80 million, followed by the computer software sector with 35 million, and 7 million for each of the healthcare industry and the government and public category.

Healthcare Industry Reports the Highest Number of Breaches

In terms of the number of individuals affected, the healthcare industry appears to have had 12 months of relative peace and quiet, with security incidents accounting for only 2% of the victims.

The report shows that it has clearly not been all plain sailing for the healthcare sector, which dominated the tables for the number of security incidents registered. Healthcare reported 116 incidents, accounting for 37% of the total for the year. Retail was second with 34 incidents (11%), Education third with 31 (10%), with 26 for Gov. & Public (8%) and 19 for the financial sector (6%).

It may only be April, but there has already been a fair indication of what next year’s security breach figures will look like. This year it has been the healthcare industry’s turn to be targeted by cybercriminals, and there has already been an 11-million-record data breach at Premera and the 78.8-million-record data breach at Anthem Inc.

While sophisticated attacks by cybercriminals may be on the rise – and they can certainly cause the most harm – it is not networks and servers that are most at risk of causing breaches. Employee disclosures, insider snooping and physicians taking unencrypted laptops home and using them on their insecure home networks are all much bigger risks. Theft of these devices accounts for 53% of all data breaches according to lawyer Adam Greene in a presentation at HIMSS 2015.

Author: Steve Alder has many years of experience as a journalist, and comes from a background in market research. He is a specialist on legal and regulatory affairs, and has several years of experience writing about HIPAA. Steve holds a B.Sc. from the University of Liverpool.