2017 was a high-profile year for cyber attacks. Hundreds of millions of Americans were exposed to massive breaches at Equifax, Yahoo, and others. But while a few instances may have dominated headlines, the story of 2017 was how data breaches soared overall.
Data released by the non-profit Theft Resource Center brings the issue into stark relief. In 2017 there were 1,300 significant breaches at US organizations including businesses and government agencies. In 2005 there were less than 200 comparable instances.
The researchers are careful to point out that the numbers may not be as stark as they seem. Companies are now required or compelled to report breaches, which would inflate numbers over a decade ago. Unfortunately, there is plenty of other evidence to suggest that data breaches are becoming more common and more frequent.
The New Definition of Massive
We are used to hearing about data breaches that affect millions of consumers and involve huge amounts of stolen data. But since these massive attacks are so common, it’s hard to notice that they’re growing as well.
Download Branding Resources Guide
Building a brand starts by having the right tools and advice. Download our top 10 essential tools and resources to kick-start your branding.
The cybersecurity firm Gemalto estimates that 2.6 billion records were stolen over the course of 2017, which is an 88 percent increase over the previous year. That means hackers have multiple personal records on most people in the country.
The Gemalto data also highlights that theft isn’t the only troubling issue. The firm estimates that 1.9 billion records were lost accidentally. This could be due to improper disposal, misconfigured databases, or basic human error. Regardless, the total is 580 percent higher than the previous year. Hackers are troubling, but even simple mistakes can have huge consequences.
The New Definition of Cybersecurity
Cybersecurity was already an urgent issue headed into 2017. It’s not like companies were caught off-guard by the problem and suffered larger breaches as a result. The troubling fact is that companies invested a ton of time, energy, and money in cybersecurity. Yet breaches still skyrocketed.
That is leading many to rethink the shortsighted nature of cybersecurity. Historically it has focused on prevention and deflection, basically keeping threats out of networks. But after years of failed efforts, companies are considering the other half of the equation. Understanding that incidents are inevitable, responding to problems and mitigating damage are new priorities.
That is leading companies to create detailed response plans, organize emergency IT teams, and practice crisis PR. They are also taking out cyber policy insurance in order to insulate themselves from fines, penalties, and lawsuits. Companies increasingly understand that even if they can’t avoid cyber incidents, they can avoid the worst of the damage.
By the end of 2018, we will likely have recorded some new lows in cybersecurity. Hacking is a lucrative enterprise, which is why cyber criminals are more motivated than ever. Unfortunately, there is no reason to expect data breaches to decline next year or anytime in the near future.
Investing more in protection is the only practical and prudent way to respond. The key thing is not to invest short-shortsightedly. Protecting against threats is important, but so is recovering from them on sound and stable footing.