News

Data breaches take a big jump in 2016, study finds

February 8, 2017

The number of U.S. data breaches, tracked by the Identity Theft Resource Center, hit an all-time high of 1,093, according to a new report from the ITRC and CyberScout. ITRC is a nonprofit organization that assists victims of identity theft; CyberScout is cybersecurity firm primarily serving the financial services, insurance and employee benefits sectors.

Numbers for 2016 represented a 40 percent increase from 780 breaches in 2015.

Numbers for 2016 broken down by industry were:

• business — 494 incidents (45.2 percent);
• health care and medical — 377 incidents (34.5 percent);
• education— 98 incidents (9 percent);
• government and military — 72 incidents (6.6 percent); and
• banking, credit and financial sector — 52 incidents (4.8 percent).

For the eighth consecutive year, hacking, skimming and phishing attacks were the leading source of data breaches, the firms said.

Attacks in this category increased nearly 18 percent in 2016, while all other categories saw decreases from 2015. The three leading types of attacks were:

• hacking, skimming and phishing, 55.5 percent (up 17.7 percent from 2015);
• accidental email or internet exposure of information, 9.2 percent;
• employee error (including negligence, improper disposal and loss), 8.7 percent.

"With the click of a mouse by a naive employee, companies lose control over their customer, employee and business data," said Matt Cullina, CEO of CyberScout and vice chair of the ITRC board of directors. "In an age of an unprecedented threat, business leaders need to mitigate risk by developing C-suite strategies and plans for data breach prevention, protection and resolution."