Data Breach Trends
Updated: Jan 23, 2020
Unauthorized access, disclosure, phishing, malware, software vulnerability...
The number of data breaches is steadily trending upwards, and it is widely recognized as an increasingly important cyber security concern. The report released by the Data Protection Commission (DPC) in October 2019 depicts the overall trend during the first year of the compulsory breach reporting system imposed by GDPR. From May 2018 on, all data breach notifications have been recorded, and the number was 5818. Approximately 4% of these were categorized as “non-breach” incidents because they did not meet the definition of a personal data breach in Article 4(12) GDPR. A new breach reporting regime has been introduced, which is intended to protect individuals or organizations where there is a risk of significant harm.
The DPC’s Breach Assessment Unit (BAU) attempted to keep a record of all data breach notifications, regardless of the legislation an organization is governed under and whether it belongs to the private or public sector, across several industries such as telecommunications, insurance, and healthcare. The issues detected by the BAU vary in nature and include miscommunication, repeat breach notifications, and insufficient data presentation. The main problem detected by the DPC is that 13% of all received notifications failed to satisfy the conditions imposed by the DPC, which organizations should normally fulfil within 72 hours.
Looking at the percentage of data breaches by type, it is easy to see that unauthorized disclosures account for the largest share (83%). They are followed by cyber incidents (7%), which include phishing, malware, software vulnerabilities, etc. The report also reveals that the private sector is more vulnerable (65%) to cyber-attacks than the public sector.
This could be because most of the hardware and software that governments use is produced by private companies, and they carry critical and extremely sensitive information. Therefore, the private sector is more likely to be subjected to cyber-attacks.