A Thing
The Green SheetGreen Sheet

Wednesday, December 13, 2017

Breaches affect nearly 1 in 3 businesses, survey finds

A report published Dec. 7, 2017, by The Hartford Steam Boiler Inspection and Insurance Co. (HSB), found almost one-third of U.S. business owners experienced a data breach in the last 12 months. The HSB survey, conducted by Zogby Analytics, cited third-party contractors, employee negligence, and lost or stolen mobile devices as leading causes of the criminal exploits, HSB representatives stated.

"The results highlight how closely our economy and society are interconnected digitally," stated Timothy Zeilman, Vice President at HSB, a cyber insurance company. "Almost all of our personal and business data can be accessible on the Internet through online business connections, websites and social media. And that exposes our private information to attacks from hackers and cyber thieves."

HSB, a member of Munich Re's Risk Solutions, commissioned the survey, which interviewed 403 U.S. executives from institutions with revenues ranging from under $5 million to more than $200 million, Zeilman noted. With a margin for error of plus or minus 5 percentage points, the survey sought to anticipate trends and help customers worldwide respond to the complex, evolving threatscape, he said.

Key report findings

Report findings indicate that 29 percent of small business owners have experienced a data breach during the 12-month survey period. Following are additional key survey metrics researchers provided:

  • Employee, contractor mistakes: 68 percent of all breaches were caused by employee or contractor error.

  • Lost, misplaced devices: Lost or stolen laptops, smartphones, tablets and storage media such as USBs and backup drives accounted for 20 percent of data breaches.

  • Hacking: Unauthorized access by hackers represented only 11 percent of data breaches studied.

  • Infrastructure gaps: Survey respondents said lack of plan (51 percent), lack of knowledge (41 percent) and lack of resources (38 percent) compromised their ability to react quickly to data breaches.

Knowledge, intelligent systems needed

Survey findings indicate a need for advanced authentication and protection, security analysts noted. "Fraudsters and organized criminal organizations are increasingly adept at leveraging a company's valuable data for ransomware and other types of attacks," said Lisa Baergen, Marketing Director at NuData Security Inc., a Mastercard company. "Moreover, stolen identity sets are usually sold to other cybercriminals and used for a myriad of criminal activities, including account takeover."

Outside vendors or contractors caused 47 percent of breaches, which highlights a need for more intelligent ways to authenticate customers, Baergen said. "It is not enough to verify users by their personally identifiable information to access an online account, as this is so widely available – and for low cost," she added. "Companies need a security intelligence that can evaluate not just the data but also the user behavior through passive biometrics."

Adding extra security layers can help companies detect behavioral anomalies and protect from unauthorized access, Baergen noted. "A multilayered solution that also looks at the human behavior won't avoid data breaches but will devalue stolen data and protect customers and businesses from breach damage," she said.

John Gunn, Chief Marketing Officer at VASCO Data Security concurred, adding, "We suspect the real rate of data breaches is significantly higher than reported, simply because many companies lack the forensic capabilities to detect that they have been compromised and that data has been stolen. It underscores the urgent need for businesses to implement multifactor authentication and a risk-based approach to access management."

An infographic of survey findings is available at www.munichre.com/HSB/data-breach-infographic-segments/index.html . end of article

Editor's Note:

The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.

Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.

2022 2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007
A Thing