Are Data Breaches Getting Larger?
This research says that data breaches are not getting larger over time.
“Hype and Heavy Tails: A Closer Look at Data Breaches,” by Benjamin Edwards, Steven Hofmeyr, and Stephanie Forrest:
Abstract: Recent widely publicized data breaches have exposed the personal information of hundreds of millions of people. Some reports point to alarming increases in both the size and frequency of data breaches, spurring institutions around the world to address what appears to be a worsening situation. But, is the problem actually growing worse? In this paper, we study a popular public dataset and develop Bayesian Generalized Linear Models to investigate trends in data breaches. Analysis of the model shows that neither size nor frequency of data breaches has increased over the past decade. We find that the increases that have attracted attention can be explained by the heavy-tailed statistical distributions underlying the dataset. Specifically, we find that data breach size is log-normally distributed and that the daily frequency of breaches is described by a negative binomial distribution. These distributions may provide clues to the generative mechanisms that are responsible for the breaches. Additionally, our model predicts the likelihood of breaches of a particular size in the future. For example, we find that in the next year there is only a 31% chance of a breach of 10 million records or more in the US. Regardless of any trend, data breaches are costly, and we combine the model with two different cost models to project that in the next three years breaches could cost up to $55 billion.
The paper was presented at WEIS 2015.
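To see how a trend-free, heavy-tailed model still produces record-setting years, here is an added example (not code from the paper or its authors) that combines log-normal breach sizes with negative binomial daily counts. The parameters `MU`, `SIGMA`, `DAILY_MEAN` and `DISPERSION` are constructed for illustration and are not the paper's fitted values, so the output does not reproduce the 31% figure.

```python
import math
import random

# Illustrative parameters constructed for this example, NOT the paper's fitted values.
MU, SIGMA = 8.0, 3.0               # ln(records per breach) ~ Normal(MU, SIGMA)
DAILY_MEAN, DISPERSION = 1.0, 2.0  # negative binomial daily breach count (mean, r)

def p_size_at_least(x):
    """P(one breach exposes >= x records) under the log-normal size model."""
    z = (math.log(x) - MU) / SIGMA
    return 0.5 * math.erfc(z / math.sqrt(2))

def p_breach_in_window(x, days=365):
    """P(at least one breach of >= x records within `days` days).
    Evaluates the negative binomial PGF (1 + mean*(1-z)/r)**-r at z = 1 - p."""
    p = p_size_at_least(x)
    none_in_one_day = (1.0 + DAILY_MEAN * p / DISPERSION) ** -DISPERSION
    return 1.0 - none_in_one_day ** days

def daily_count(rng):
    """Negative binomial draw as a gamma-Poisson mixture (Knuth's Poisson sampler)."""
    lam = rng.gammavariate(DISPERSION, DAILY_MEAN / DISPERSION)
    limit, k, prod = math.exp(-lam), 0, rng.random()
    while prod > limit:
        k += 1
        prod *= rng.random()
    return k

def yearly_maxima(years, seed):
    """Largest breach in each simulated year; the model has no time trend."""
    rng = random.Random(seed)
    maxima = []
    for _ in range(years):
        biggest = 0.0
        for _ in range(365):
            for _ in range(daily_count(rng)):
                biggest = max(biggest, rng.lognormvariate(MU, SIGMA))
        maxima.append(biggest)
    return maxima

def record_years(maxima):
    """Indices of years whose largest breach beats every earlier year."""
    best, records = 0.0, []
    for i, m in enumerate(maxima):
        if m > best:
            best, records = m, records + [i]
    return records

if __name__ == "__main__":
    sims = yearly_maxima(10, seed=1)
    print("P(>=10M-record breach within a year):", round(p_breach_in_window(1e7), 3))
    print("largest breach per year:", [f"{m:.2e}" for m in sims])
    print("record-setting years:", record_years(sims))
```

Because every simulated year is drawn from the same distributions, any new "largest breach ever" in the output comes from the heavy tail alone, not from a worsening trend.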
just passin thru • August 25, 2015 6:46 AM
I don’t believe it.
I am pretty paranoid about such things, and take plenty of steps to protect my identity/info. I’ve even got my wife on board as well.
Despite that, I’ve recently been notified of breaches by (1) the state of South Carolina because I pay taxes there, and (2) UCLA Health Services, and (3) another, I forget who. Before that, nada.
Maybe the authors aren’t measuring it, but I think the likelihood of any random adult’s info being breached is cumulatively going up over time.
Even the paranoid aren’t safe, and are unlikely to be until lawmakers are shamed into protecting citizens and consumers; protecting (regulating, HA!) businesses that trade in this information is what creates a market for this assault on the public.