One of the most common things companies might think about their chances for being victimized by a hacking attack or accident that results in a data breach simply can’t or won’t happen to them, but the fact of the matter is that the threat of this type of incident taking place is quite high. New statistics from the state of California highlight just how real this issue can be.
About 2.5 million people in the state of California had some amount of personal or financial information exposed in just 131 data breaches last year, according to a report from the office of Attorney General Kamala Harris. Moreover, if companies took even basic steps to properly safeguard the information in question, including encrypting information or keeping it within the company’s network, as many as 1.4 million fewer people would have been exposed, and breaches would have dropped by 28 percent.
“Data breaches are a serious threat to individuals’ privacy, finances and even personal security,” Attorney General Harris said. “Companies and government agencies must do more to protect people by protecting data.”
The data shows that the average data breach involved the exposure of 22,500 people in the state, though the median was slightly more than 10 percent of that (2,500), largely due to five breaches exposing 100,000 or more people, the report said. And while Harris notes that both companies and government agencies will have to do more to protect sensitive data, the fact of the matter is that the retail industry suffered more data breaches than any other sector last year, accounting for 26 percent of such incidents, while finance and insurance companies were not far behind at 23 percent.
Further, more than half of all the breaches in question involved the exposure of consumers’ Social Security numbers, which are generally considered to be the most valuable data point available when it comes to committing identity theft, the report said. And while 55 percent of all breaches were the result of intentional attempts to expose this information, that still means 45 percent were the result of companies or agencies falling short on data protection standards.
Other issues for companies
The state of California requires that companies which suffer data breaches must alert the consumers in question about the incident and what they may run into down the road as a result, the report said. However, the average notification message was apparently over-complicated and therefore difficult for victims to understand; it was written at a 14th-grade level, despite the fact that the average reading level in the U.S. is just eighth grade, and that, too could put consumers at additional risk.
Small businesses may be particularly targeted for data breaches because criminals know they are far less likely to have the resources available to protect sensitive customer or client information as fully as larger entities. Therefore, they may be more vulnerable to an attack. However, even beyond that, they may be unable to properly educate workers about the correct methods for handling sensitive information because they do not have the resources of expertise necessary to do so.
For these reasons, and because of how much data can be exposed in even one such incident, it might be wise for companies to take the time to invest in small business insurance policies, including tech insurance, that help to cover costs associated with remediating a data breach overall. These can grow to be extremely expensive in a very short period of time, and may be difficult for even relatively successful companies to cover those costs.