Data breaches and malicious attacks soar despite US$124bn spent on security

News by Andrew McCorkell

Figures compiled in the ForgeRock data breach report show massive spend alongside rocketing levels of data breaches.

The ForgeRock data breach report has found that, across multiple major geographies, the number of consumers and organisations impacted by data breaches and malicious attacks continues to grow precipitously year-on-year.

In the US alone, 5 billion records were exposed in 2019 at a cost of US$ 1.2 trillion (up from US$ 654 billion in 2018), and Q1 2020 data indicates that this year is set to outpace 2019 in terms of records breached.

Worldwide spending on information security-related products and services would exceed US$ 124 billion in 2019, an increase of eight percent from 2018, Gartner estimated.

Speaking to SC Media UK, Nick Caley, vice president of UK and Ireland, ForgeRock, said: "While the financial services and education sectors were common targets too, our report found that across multiple geographies the healthcare sector was the most at-risk sector for data breaches by malicious actors in 2019.

"Particularly concerning was the large number of phishing attacks, which far outranked any other type of malicious cyber-attack. The Covid-19 pandemic has not deterred cybercriminals - if anything, our analysis suggests that healthcare organisations face a greater threat now than at any other point in the previous 12 months.

"There has been a gold rush recently to unlock the value of health records - and clearly, as our report has found, that applies to both legitimate actors in the health-tech ecosystem and cybercriminals. It’s vital that patients can trust that their sensitive data is being shared securely and only accessed by authorised parties in the healthcare ecosystem. As the sector undergoes sweeping digital transformation, it must remain vigilant to the increased threat level.

"What’s motivating the malicious actors? Primarily, that the data is very valuable: it's information about your body, where you live, your date of birth, hospital treatments, prescriptions, and patient numbers. Second, people often don’t even notice health record theft for years. And third, when they do, it’s all but impossible to change those details.

"In the UK, the NHS represents a golden goose unparalleled in other countries. No other healthcare provider is the custodian of over 55 million primary care records and 23 million secondary care records, so it’s not surprising that it faces up to 12,000 phishing attacks a day."

The report found that:

In the UK

  • The healthcare sector remains the most at-risk sector. Unique challenges around data sharing and the value of health information make it attractive – and often vulnerable – to cybercriminals
  • The Information Commissioner’s Office has a role to play in data breach prevention outside of enforcement. Compared to other jurisdictions, such as Australia, there is a lack of comprehensive publicly available data for the industry to analyse. This knowledge gap makes it more difficult for UK cybersecurity professionals to know where to concentrate their defensive efforts.
  • The nature of data breaches in the UK is evolving. Phishing attacks were the most common method of attack in 2019 and were a huge problem for the NHS in particular – its systems block nearly 12,000 phishing attacks a day.

In the US

  • Unauthorised access was the top attack method among cybercriminals (40 percent) for the second year in a row.
  • The average cost of a breach in the US increased 212 percent to US$ 8.19 million in 2019, up from US$ 3.86 million.
  • Malicious actors targeted the healthcare industry the most, with the sector accounting for 45 percent of all breaches.
