(Bloomberg) – U.S. companies and government agenciessuffered a record 1,093 data breaches last year, a 40 percentincrease from 2015, according to the Identity TheftResource Center.
|Headline-grabbing hacks, with victims ranging from Wendy's Co. to theDemocratic National Committee, are increasing despite regulatoryscrutiny and more aggressive cyber-securityspending. Worldwide spending on security-related hardware,software and services rose to $73.7 billion in 2016 from $68.2billion a year earlier, according to researcher IDC. Andthat number is expected to approach $90 billion in 2018.
|Undiscovered and under-reported
"We are extremely confident that breaches are undiscovered andunder-reported, and we don't know the full scope," Eva CaseyVelasquez, chief executive officer of the Identity Theft ResourceCenter, said in an interview. "This isn't the worst-case scenariowe are looking at; this is the best-case scenario."
|Related: 8 ways to improve cyber insurance
|Data breaches in 2016 exposed everything from social securitynumbers to user account log-in names and passwords. Attacks knownas phishing, in which an employee is tricked into clicking anemailed link to give hackers access to a corporate network,accounted for about 56 percent of all breaches last year, accordingto the center. That's up from 38 percent in 2015. In many cases,employees received an email purporting to be from their company'schief executive officer or other high-level managers.
|"When we look at these massive numbers of records andpercentages, it's very easy to forget that each of these datapoints is a person, and there's someone behind this who is beingvery adversely affected," Velasquez said.
|Criminals can use stolen information such as social securitynumbers, addresses and names to file false tax returns, ordercredit cards and to siphon money out of consumers' bankaccounts.
|Training employees is essential
Adam Levin, chairman of the security company CyberScout LLC, which sponsored the report, saidtraining employees about data privacy and security is essential. "Alot of companies don't do it," he said.
|The Identity Theft Resource Center, which has been trackingbreaches since 2005, compiles its reports using data listed onstate regulators' web sites, as well as by filing Freedom of Information Act requests withvarious government agencies. Many data breaches still aren'tincluded in these numbers.
|Related: Cyber coverage for businesses up 85 percent since2011
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
