Are You A Target for a Data Breach? Which Industry Has Suffered the Most in 2016?

Each year, National Cyber Security Awareness Month calls attention to the issue of cyber security. We also want to raise awareness about the scope of today’s cyber-security issues by discussing these four issues:

• Part 1: Number and size of breaches
• Part 2: Types of breaches
• Part 3: Industries under attack
• Part 4: Costs of breaches

In this third article in the series, we examine which industries are being targeted the most in 2016.

Healthcare Industry Hit Hardest Thus Far

On October 4, the Identity Theft Resource Center (ITRC) published a summary of data breach statistics for the first nine months of 2016, which includes 725 total breaches across all industries that have exposed more than 29 million records (the Yahoo breach of more than 500 million records is not yet counted in the total).

The results for the five industries studied, listed in descending order of the number of breached records, were as follows:

• Medical/healthcare: 36.6 percent of breaches, 47.8 percent of records
• Government/military: 7.4 percent of breaches, 42.1 percent of records
• Business: 43.0 percent of breaches, 8.7 percent of records
• Educational: 9.4 percent of breaches, 1.4 percent of records
• Banking/credit/financial: 3.6 percent of breaches, 0.1 percent of records

The statistics show that the healthcare industry accounts for nearly half of all lost or stolen records thus far in 2016. The IBM 2016 Cyber Security Intelligence Index also ranked healthcare at the top in its report on 2015 breaches, with manufacturing second, followed (in order) by financial services, government, and transportation.

The high ranking of the healthcare industry should not come as a surprise given that about one in three Americans were victimized by a healthcare data breach in 2015 alone. IBM X-Force security researchers found a 1,166 percent increase in reported healthcare breaches from 2014 to 2015.

Unfortunately, the rate of breaches shows no signs of waning, no doubt in part because health data continues to be highly valued on the dark web. The healthcare industry has suffered about six breaches a week thus far in 2016. And the IDC’s Health Insights group predicts that one in three healthcare recipients will be the victim of a healthcare data breach in 2016.

Other Industries Hit Hard by Breaches

The government and military sector ranks second on the ITRC’s list, accounting for more than 42 percent of total stolen or lost records in 2016. While breaches of Democratic politicians in the U.S. have made headlines, the Philippine government may have suffered the worst government data breach in history. And fear of cyber attacks is likely behind the Australian government’s recent decision to move census data offline—the second time that government has pulled back data that could pose a security risk.

The business sector hasn’t had as many records stolen, but it has suffered 43 percent of total breaches, which means businesses are attacked more often than the healthcare industry. So far this year, Eddie Bauer, Wendy’s, Oracle, and Yahoo are just a few of the big-name businesses that have suffered headline-grabbing breaches.

So what’s the bottom line for industries in 2016? As we described in the first two articles in this series, breaches are more common than ever in 2016, with both old forms of attack and newer, emerging ones such as ransomware. Whether you are in one of the hardest-hit industries or a less-targeted sector, assume that your business has been or will be hacked—and prepare accordingly.

In the final article in our four-part series, we’ll take a look at the high cost of data breaches, which will provide further motivation to prevent, limit, and recover quickly from them.