What a year it has been for data security. Earlier this month, CBS 60 Minutes correspondent Bill Whitaker deemed 2014 “the year of the data breach,” and we find it hard to disagree. Kicked off by the mega-breach at Target at the close of the year prior, 2014 saw large-scale data breaches at many well-known companies such as Michaels, P.F. Changs, Home Depot and Jimmy John’s. Did the industry see the tidal wave coming? We take a look back at last year’s predictions and what made an impact in 2014.
Prediction: Data breach costs (per record) will decrease
Reality: According to the Ponemon Cost of Data Breach report, what actually took place was quite the opposite. In all but two of the ten countries data was collected for, the cost per record in a data breach increased from 2013 to 2014 - an average increase of over 13%.
The U.S. suffers the highest per capita cost at $201, but Germany and France aren’t far behind at $195 and $183, respectively.
Prediction: There will be a surge in cyber insurance sign-ups
Reality: One would think, given the number of mega-breaches that dominated the airwaves this year, an increase here would be a no-brainer, but Advisen and Zurich’s Fourth Annual Survey on Information Security and Cyber Liability Risk Management found cyber insurance purchases flatlined in 2014 after seeing steady increases the last several years. Surprisingly, another key number decreased - the number of those surveyed who could confirm their companies had a breach plan in place - down ten points to 62% this year.
What’s the reasoning behind these numbers? While it seems perplexing, we think Zurich’s Erica Davis hit the nail on the head.
“The nature of cyber security is evolving so quickly,” Davis said, “it can be difficult for businesses to keep track of the risks let alone the solutions.”
Prediction: Consumers will start to suffer from “breach fatigue”
Reality: While the notion of consumers becoming numb to data breaches due to the frequency at which they occur makes sense, recent surveys tell a conflicting story. We wrote about a survey released in October by CreditCards.com and Princeton Survey Research that found 45% of cardholders surveyed would likely avoid their regular stores during the holiday shopping season if the retailer had recently experienced a data breach.
However, a separate study conducted by Ponemon Institute on behalf of RSA found that only 14 percent of those surveyed felt a data breach would affect their shopping or banking behaviors.
Yet with all of that said, only 21 percent of consumers are confident that retailers are actually telling them when their information has been compromised - a troubling statistic no matter which side of the breach fatigue debate you stand on.
Prediction: Government will move closer toward data breach legislation
Reality: The lawsuits coming out of the Home Depot and Target breaches have forced legislators hands in moving on this issue quicker than originally expected. On December 10th, the Senate Banking Committee held an oversight hearing entitled “Cybersecurity: Enhancing Coordination to Protect the Financial Sector.” Witness statements were delivered by the U.S. Department of the Treasury, U.S. Department of Homeland Security, Office of the Comptroller of the Currency, United States Secret Service and the Federal Bureau of Investigation in an effort to examine the current cybersecurity landscape for the financial sector and determine ways to improve coordination to enhance efforts.
Data breach notification and information sharing legislation was proposed as a potential solution, and we’d bet on seeing much more discussion around this in 2015.
Learn how to get data breach notifications about your own company and affected customers four months faster than traditional methods by signing up for a demo of Rippleshot’s product below: