Home What is a data breach?

What is a data breach?

When organizations experience a data breach, the term refers to the loss of proprietary data. Most modern day data loss occurs digitally, through computer systems that are connected to the internet. Data loss can occur for a variety of reasons.

Why would a data breach occur?

According to a recent global survey, 21% percent of data breaches occur because an employee simply loses a device (smartphone, tablet or laptop) that contains organizational data. As a result, an unintended person or persons may obtain the data, and exploit it.

Roughly 25% of data breaches are attributed to internal organizational personnel. Research shows that 48% of internal breaches are conducted with malicious intent, while 43% are accidental. Nine percent of these types of breaches fall into a grey zone in terms of motives.

Over 30% of data breaches are attributed to external hacking. Cyber criminals may worm their way into company databases that store social security numbers, credit card details, or other personal details. The stolen data is often released on the ‘dark web’, the internet’s black market. Once the data is on the dark web, others will be able to view and possibly purchase it for nefarious use. Cyber criminals weaponize personal data to commit fraud.

The remaining portion of data breaches typically occur due to third-party attacks or incidents.[1]

What types of organizations are typically data breach targets?

Although any organization that uses the internet can serve as a target, some organizations are more commonly targeted than others. Small-to-medium sized businesses are frequent targets due to their often limited cyber security protocols. Healthcare and financial institutions are also at high risk due to the quantity of personal information, including credit card data and social security/insurance information, that they collect and store.

Are data breaches serious?

According to published research, 80% of organizations have experienced data breaches at an extreme severity level; requiring notice to board members. [2]

What is the cost of a data breach?

The cost of a data breach regularly exceeds $300,000. In 2019, individual organizations spent as much as $4.1 million on attack clean-up costs. Automakers, retail/hospitality, healthcare and energy/utilities groups typically experience the highest costs.

Third party ‘ripple effect’ or ‘domino effects’ can present additional breach related challenges. Depending on the precise context, a third-party group may choose to pursue litigation. Stock prices may also plunge, and over time, customers may slowly move away from a breached organization.

How can you protect your organization from a data breach?

Use the following basic tips as jumping off points for preventing a data breach within your organization:

  • Enable multi-factor authentication wherever possible.
  • Explore password-less authentication methods, including tokens, YubiKeys or Auth0-related solutions.
  • Obtain strong cyber security infrastructure.
  • Choose a cyber security platform/portfolio that’s easy to manage.
  • Encrypt data prior to moving it to the cloud.
  • Be sure to comply with GDPPR, CCPA, PIPEDA, HIPPA and/or any other. compliance requirements related to your business or industry sector.
  • Develop a well-rounded privacy program that exceeds the demands of current legislation and regulations.
  • Provide employees with training around cyber security.
  • Be sure to continually explore emerging technologies and approaches to data protection.

What were some of the biggest data breaches of the decade?

In 2020, a European airline experienced a data breach that led to the loss of names, email addresses, and travel data. It is thought that the exposure of personal travel data may lead to security risks for some individuals, and it also represents a breach of privacy.[3]

In 2019, well-known banking institution experienced a data breach that involved the loss of 140,000 US social security numbers, and roughly a million Canadian Social Insurance Numbers. Over 100 million credit card customers across both the US and Canada were also impacted.

In 2017, an American insurance company reported a breach of consumer data, including names, social security numbers, birthdates, driver’s license numbers and hundreds of thousands of credit card numbers.[4]

Also in 2017, a US-based media company appeared in the headlines on account of a leak that compromised 1.4 billion records. This data breach occurred due to an internal team’s honest error. [5]

[1] Forrester “The State of Data Security and Privacy, 2020”, 27 February, 2020

[2] Tech Beacon, “31 cybersecurity stats that matter,” Jaikumar Vijayan

[3] Dark Reading, “EasyJet Sees 9 Million Customer Email Addresses Stolen”, 19 May, 2020

[4] Cyber Talk, “Seriously Equifax? Why the credit agency’s breach means regulation is needed”, 8 September, 2017

[5] Fortune, “Major Spammer Accidentally Leaks Data on a Billion People,” Jonathan Vanian, 6 March, 2017