I recently examined a dataset of over 12,000 cyber incidents that occurred during the years 2004-2014. These events include data breaches (unauthorized theft or loss of personal information), privacy violations (unauthorized collection or use of personal information), security incidents (hacks directed specifically at an organization), and other sorts of phishing or identity theft scams. The incidents mostly involve private sector corporations, but also include schools, non-profits, and many forms of government agencies. The figure below shows the trends in incidents over these years. Notice that the total number of data breaches has been increasing over the years and swamps all other event types. Further, security incidents (such as we see with ransomware, or theft of intellectual property) have been increasing dramatically in recent years.
As we further examine the total number of incidents, we see that some sectors suffer many more attacks than others, as shown in the left panel of the figure below. This panel shows that finance and insurance companies suffer the greatest total number of breaches, followed by health care and government agencies. However, this provides only one view of the problem. The right panel shows the incident rate, by industry. That is, if we divide the number of incidents by the total number of companies (or agencies) in that sector, we get a sense of the proportion of entities in each industry that are attacked. In a sense, it provides one measure of the risk borne by each industry. For example, a value of 0.015 implies that 15 out of every 1000 agencies suffered some kind of cyber incident.
Interestingly, while government agencies suffer fewer total incidents than finance or health care, they suffer the highest rate of attack. This variation across industries is important to understand because it helps identify which industries may want to consider greater investment in IT security.
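The two views contrasted above (raw incident counts per sector versus counts divided by the number of entities in the sector) can be reproduced on any incident list. The following is an added illustration, not the author's analysis code or dataset: the incident records and the per-sector entity counts are constructed values chosen so that the sector with the most incidents is not the one with the highest rate.

```python
from collections import Counter
from typing import Dict, Iterable, List, Tuple

# Constructed sample records standing in for the incident dataset:
# (year, sector, incident type). These values are made up for illustration.
SAMPLE_INCIDENTS: List[Tuple[int, str, str]] = [
    (2010, "finance", "data breach"), (2011, "finance", "data breach"),
    (2012, "finance", "security incident"), (2012, "finance", "data breach"),
    (2013, "finance", "privacy violation"), (2014, "finance", "data breach"),
    (2011, "health care", "data breach"), (2012, "health care", "data breach"),
    (2013, "health care", "data breach"), (2013, "health care", "privacy violation"),
    (2014, "health care", "security incident"),
    (2012, "government", "data breach"), (2013, "government", "security incident"),
    (2014, "government", "data breach"), (2014, "government", "security incident"),
]

# Assumed number of organisations in each sector (hypothetical denominators).
SECTOR_POPULATION: Dict[str, int] = {
    "finance": 2000, "health care": 3000, "government": 400,
}


def incidents_by_sector(incidents: Iterable[Tuple[int, str, str]]) -> Counter:
    """Total incidents per sector: the 'left panel' view."""
    return Counter(sector for _, sector, _ in incidents)


def incident_rate(counts: Dict[str, int], population: Dict[str, int]) -> Dict[str, float]:
    """Incidents divided by entities in the sector: the 'right panel' view.
    A rate of 0.015 means 15 of every 1000 entities had an incident."""
    return {s: round(counts.get(s, 0) / n, 6) for s, n in population.items() if n > 0}


def rank_sectors(values: Dict[str, float]) -> List[str]:
    """Sectors ordered from highest to lowest value (ties broken by name)."""
    return sorted(values, key=lambda s: (-values[s], s))


def per_thousand(rate: float) -> float:
    """Express a rate as incidents per 1000 entities."""
    return round(rate * 1000, 6)


if __name__ == "__main__":
    totals = incidents_by_sector(SAMPLE_INCIDENTS)
    rates = incident_rate(totals, SECTOR_POPULATION)
    print("ranked by total:", rank_sectors(totals))
    print("ranked by rate: ", rank_sectors(rates))
    for s in rank_sectors(rates):
        print(f"{s:12s} {totals[s]:3d} incidents, {per_thousand(rates[s]):.1f} per 1000 entities")
```

With these constructed inputs, finance leads on total incidents while government leads on incident rate, which is the distinction the two panels make.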
In the next blog of this series, we will examine cyber incidents against government agencies in greater detail.