
B-Sides SF: Researchers estimate three 'major' data breaches each month


Verizon Risk researchers Kevin Thompson and Suzanne Widup have been crunching the numbers on data breaches, and they reckon that the total may be higher than you think.


Addressing hackers and InfoSec experts in their “Ripped from the headlines, what the news tells us about information security incidents” speech at B-Sides San Francisco, Widup and Thompson revealed how they have been investigating the data breach numbers since May of last year.

Since then, they've been using Verizon's Data Breach Investigations Report and the open-source Veris Community Database to compile over 3,000 data sets from sources including news articles, Google Alerts, nondisclosure agreements, the Attorney General's website, government breach tools, Freedom of Information Act requests and sometimes – just “asking nicely”.

Thompson admitted that their data analysis is in its early days and as such is not perfect. He noted reporters getting information wrong, submitted data being duplicated and a lack of data consistency. There also appears to be a slight slant towards government and healthcare data (both sectors are required to log major data losses), while the two data sets used (DBIR and VCDB) showed different results. For example, point-of-sale systems were the biggest source of data leaks in Verizon's own Data Breach Investigations Report, while human error was the biggest factor in VCDB.

However, Thompson said that what is not in doubt is the sheer number of data breaches. Indeed, he noted Trend Micro's prediction last month of a major data breach each month in 2014 and said that that number is actually pretty low.

Using the Poisson distribution to test the frequency of data breaches over a given time, Thompson revealed that major data breaches – which he classified as being over a million records and based on data from 2011 to 2013 – could be as high as three a month.

“When I saw Trend Micro's prediction I thought it was pretty high,” said Thompson. “But the estimate is actually pretty low right now. Brace yourselves for an average of 3 [data breaches] a month.”

Thompson later told SCMagazineUK.com that the actual figure was 3.07 and that 2010 was not included as data breaches were not as widely reported at the time. “It was hard to tell if the zeros were real or if the breaches were not just being reported”.
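The Poisson reasoning above can be reproduced with a short script. This is an added example, not the researchers' own analysis: only the 3.07 monthly rate comes from the article, while the monthly counts and function names are constructed for illustration.

```python
import math

RATE_PER_MONTH = 3.07  # average quoted in the article

def poisson_pmf(k, lam):
    """P(X = k) for a Poisson variable with mean lam."""
    return math.exp(-lam) * lam ** k / math.factorial(k)

def poisson_cdf(k, lam):
    """P(X <= k)."""
    return sum(poisson_pmf(i, lam) for i in range(k + 1))

def fit_rate(counts):
    """Maximum-likelihood estimate of the Poisson rate: the sample mean."""
    return sum(counts) / len(counts)

def dispersion_index(counts):
    """Sample variance divided by the mean; near 1 for Poisson-like counts."""
    lam = fit_rate(counts)
    var = sum((c - lam) ** 2 for c in counts) / (len(counts) - 1)
    return var / lam

def prob_all_zero(months, lam):
    """Chance of `months` consecutive months with no major breach at all."""
    return poisson_pmf(0, lam) ** months

# Constructed sample: 12 monthly counts of breaches above one million records.
SAMPLE_COUNTS = [2, 4, 3, 1, 5, 3, 2, 4, 3, 6, 2, 2]

if __name__ == "__main__":
    lam = RATE_PER_MONTH
    for k in range(7):
        print(f"P({k} major breaches in a month) = {poisson_pmf(k, lam):.3f}")
    # How often a month would see at most one major breach at this rate.
    print(f"P(at most 1)  = {poisson_cdf(1, lam):.3f}")
    print(f"P(4 or more)  = {1 - poisson_cdf(3, lam):.3f}")
    # A full year of zeros is wildly improbable at this rate, so a run of
    # zeros points to a different rate or to under-reporting.
    print(f"P(12 zero months) = {prob_all_zero(12, lam):.2e}")
    print(f"fitted rate from sample = {fit_rate(SAMPLE_COUNTS):.2f}")
    print(f"dispersion index        = {dispersion_index(SAMPLE_COUNTS):.2f}")
```

At a rate of 3.07 a month, a month with one major breach or fewer is expected less than a fifth of the time, and a long run of zero-breach months is effectively incompatible with that rate.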

Numbers like this have been hard to come by, although security software provider IS Decisions recently estimated that there have been over 300,000 internal security breaches in UK businesses over the last year, averaging 1,190 per day. Intelligence consultancy firm Risk Based Security (RBS) estimated last week that there were 2,164 separate incidents, and over 822 million records exposed, in 2013 – nearly doubling the figures set in 2011.

Verizon's data is available on GitHub and the researchers are actively reaching out to companies and individuals to help them with their data (via participate@vcdb.com). They currently have just over 3,000 data sets, a significant rise from last August, when the database had just 1,200 incidents, primarily from 2012 to 2013.
