New ITRC Study: Why are companies not paying more attention to security breaches?

Author by Ted Wentzel

According to a new report from the nonprofit organization Identity Theft Resource Data Center, breaches in the U.S. are up 29 percent for the first half of 2017 with record high 791 incidents. Since most companies have not put a focus on privacy and security as a part of their core values, these numbers will continue to rise.

The most alarming part is that companies are taking an average of six months to spot a security breach, and then another 55 days to contain it, according to the ITRC’s report, which was sponsored by data risk management company CyberScout. This is simply too long. As the saying goes, time is money, and it couldn’t be more true for the cost of a security breach. Companies who’ve responded to breaches in 30 days saved an average of one million dollars compared to companies that took six months. The key is to have an incident response plan in place to save money and preserve trust.

What companies are experiencing security breaches the most?
ITRC tracks data breaches in five categories: financial, health/medical, government/military, education and business. The business category holds the highest percentage of breaches totaling 54.7 percent followed by the healthcare industry with 30.7 percent.

It’s known that 12 million records have been exposed so far this year due to security breaches. However, an alarming 67 percent of all the breach notices released did not indicate how many records were compromised, meaning this number is actually much higher.

What are the most common methods of attack?
Hacking is the primary method of data breaches making up 63 percent of the attacks. The second most common method is due to employee error or negligence followed by accidental exposure on the web as the third most common method.

Although they started out stealing credit card numbers, these hackers are taking data breaches to a new level by aiming for social security numbers instead. These numbers allow someone to pretend they’re someone else, which means they can open new bank accounts, apply for loans and even get medical treatment or apply for government benefits.

What should companies do to avoid a future security breach?
To start, companies need to understand the seriousness of these threats. They’re happening all the time, and it’s not slowing down. There needs to be a shift in policy from “convenience over security,” as the ITRC report suggests.
 
Author

Ted Wentzel

Director of Marketing

Tags in this Article