Data breaches are a “time bomb”
Earlier this week, a leading security expert warned that data breaches are a now a "time bomb". This is because too many companies are putting confidential customer information at risk.
The comments were made to the BBC by Bryan Sartin. Bryan is head of global security service at telecommunications company Verizon. They were made following the publication of a report which analysed thousands of successful cyber-attacks.
The annual Verizon Data Breach Investigations Report (DBIR) collated information from more than 41,686 security incidents, of which 2,013 were confirmed data breaches that hit large and small organisations all over the world.
Sartin, said he was "surprised" more breaches had not become public and suggested that there are "probably some big situations queuing up right now".
Significant findings of the 2019 report include:
- 52% of breaches were caused by hacking
- 33% of breaches were caused by social engineering attacks. This is where people are manipulated into breaking normal security procedures in order for criminals to gain access to systems
- Cyber thieves are increasingly and proactively targeting C-level executives
- 71% of breaches were financially motivated
- 25% of all violations were associated with espionage
- 29% of breaches involved stolen credentials.
- 56% of breaches took months, or even longer to discover.
What can we learn from this report?
UK companies that lose data face fines of up to 4% of their global revenues under current data protection law. Organisations are at greater risk of penalties if they delay reporting data breaches. And/or if they are found to have failed to protect personal data or clean up after a breach. So, it's important that they take the threat of cyber-attacks very seriously.
Speaking about the latest findings, Hayes Connor managing director and data protection heavyweight Kingsley Hayesadded his insight on this matter.
"Unfortunately, reports of a data breach time bomb are not exaggerated. In fact, we've been warning organisations about the level of risk they are exposed to since before GDPR.
"Having received thousands of enquiries from customers who have suffered as a direct result of a data breach caused by a cyber attack in the last twelve months alone, it has become clear to us that this is just the tip of the iceberg. And, disturbingly, the response provided by many of these organisations falls short of what we would expect. Businesses must do more to meet their data privacy responsibilities and provide adequate redress where they fail to do so, or risk increased compensation claims.
"But it's also vital to highlight, that the vast majority of data breaches are not caused by cybercriminals, but by simple human errors and a failure to ensure robust security processes. And every day, these smaller data breaches are causing misery and upset to people across the UK.
"So, when it comes to data breaches, it's just as important that businesses look at the threat from within, as well as putting measures in place to protect themselves from the bad guys."