Breach index: Encryption used in 4 percent of Q2 incidents

Share this article:
Michaels investigates possible payment card breach
Among 237 disclosed data breaches last quarter, encryption was used in only 10 instances.

Last quarter, organizations that reported data breaches only used encryption around four percent of the time to further safeguard data, a report found.

On Wednesday, data protection solutions firm SafeNet released its Breach Level Index report (PDF) for the second quarter of 2014, which examined 237 disclosed breaches worldwide. The incidents, which left 175 million customer records of “personal and financial information” exposed, included major breaches like those hitting eBay (145 million records) and the Montana Department of Public Health and Human Services (1.3 million people).

The report revealed that, among the breaches, encryption was only used in 10 out of the 237 incidents. Furthermore, only two incidents were classified as “secure breaches,” meaning strong encryption, authentication solutions or key management “rendered the data useless,” the report said.

The Q2 2014 report marks the first time that SafeNet noted the incidence of encryption during breaches.

Of note, the sector hit hardest by breaches last quarter, between April and June, was the retail industry, where 83 percent of records (or over 145 million records) were lost or stolen. Next in line was the government sector, which accounted for 11 percent of impacted records (over 19 million) in Q2.

On Wednesday, Tsion Gonen, chief strategy officer for SafeNet, told SCMagazine.com in an interview that, since the company began publishing the BLI report (now in its third quarter), the presence of encryption at companies has remained “static.”

Just one incident, for instance, where millions of unencrypted records are exposed, can overshadow smaller breaches where companies may have encrypted a lost or stolen laptop or devices, he explained.

Gonen does believe, however, that more companies will be forced to take up the security measure, as the costs and other consequences of breaches continue to climb.

“We don't see any significant increase in these [encryption] numbers as far as percentage,” Gonen said of the past year, later adding that he still expected to see a shift in behavior.

“I think we will see more encryption [being used]. We'll see companies doing more whether they like it or not,” Gonen said.

Accompanying the BLI report was a customer sentiment survey (PDF) which highlighted consumer attitudes about breaches. The study compiled responses from over 4,500 people in the U.S., UK, Germany, Japan and Australia, where 15 percent of individuals said they would “never again” shop or do business with a company experiencing a breach. Twenty-three percent of respondents said their patronage would be “very unlikely” after such an occurrence.

[An earlier version of this article incorrectly stated that encryption was used in 23 percent of data breach incidents.]
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

U.S. under cyber attack, losing ground to adversaries

In testimony to a Senate committee, cyber experts said the U.S. has fielded 600,000 attacks this year.

Researchers in China work on facial recognition payment app

The app is expected to be launched next year.

Mobile app study reveals privacy concerns

Mobile app study reveals privacy concerns

Of the more than 1,200 mobile apps that were assessed in a recent study, 75 percent requested one or more permissions.