2018 Cyber Incident & Breach Trends Report
Date
Authors
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
It is difficult to get a complete, accurate picture of the overall cyber incident landscape. Much like putting together a jigsaw puzzle with only a handful of key pieces, it is possible to get a sense of the overall picture,but many of the details are missing. In tracking cyber incidents, many key data “pieces” exist, but are limited for a variety of reasons –they often represent only one vendor’s view of their user base, they are typically regional and not global, it is easier to measure attacks than measure which are successful, there is a lack of consolidated reporting mechanisms, and finally, it is still the case that most incidents go unreported. In this context, the approach taken in this year’s report is to lay out the various key statistics and trends across the types of cyber incidents, but not come to a definitive conclusion regarding a precise number of incidents. As in prior years, the report will still outline threat trends and how to address them.There are several organizations that track data breaches, mostly relying on public reports, though the results vary widely due to different methodologies. Risk Based Security reports the highest number at 6,515 breaches and 5 billion exposed records, both down from 2017. Identity Theft Resource Center also reports on breaches, finding 1,244 in 2018 with approximately 2 billion exposed records –the number of breaches is down from 2017 while the number of sensitiverecords exposed (447 million) is up significantly. Privacy Rights Clearinghouse reported 635 breaches and 1.4 billion exposed records in 2018, both down from 2017. Though these reports do include some international breaches, they do not cover all breaches worldwide, as shown in DLA Piper’s GDPR Data Breach Survey, which surveyed data protection authorities in the EU and found 59,000 reported breaches just between May and December 2018. (Author Text)