Nearly two billion documents were lost or stolen in the first half of 2017, more than for the whole of 2016, with the UK the experiencing the second highest number of reported incidents, according to Gemalto.
The security firm’s latest Breach Level Index represents a global database of public breach incidents.
It recorded 918 incidents in the first six months of 2017, amounting to 1.9 billion compromised records; way more than last year’s 1.4 billion and up 164% on the last six months of 2016.
However, the number could be even higher, with more than half (52%) of incidents having an unknown or unreported number of compromised records.
The UK was second only to the US in terms of the number of reported incidents (40), with over 28 million records compromised, up 130% on the second half of 2016.
Most of these came from a 26 million record breach at the NHS.
Half of data incidents in the UK involved a malicious outsider, while 38% were down to accidental loss and two-thirds (65%) are classed as identity theft.
However, Egress founder, Tony Pepper, explained that the figures around insider versus outsider breaches are misleading as the number of records compromised through accidental loss are much higher; accounting for 86% of the total.
“Accidental loss is therefore where organizations are putting themselves in the greatest danger, and companies have to begin acknowledge this risk,” he argued.
“This is where strategies have to change – businesses cannot just deploy ever more solutions to deter malicious outsiders, they need to engage with their own employees, reduce the insider threat and deploy technology alongside staff to help control the access and storage of data.”
Despite the doom-laden figures, the total number of incidents in the UK actually fell from 43 to 40, signalling ongoing efforts by organizations to improve cybersecurity, according to Gemalto director of product strategy, Joe Pindar.
“It’s important to remember that no business ever sets out to suffer a data breach, and that they are ultimately victims of the efforts of malicious attackers,” he added.
“With the UK Government’s newly proposed Data Protection bill aiming to implement GDPR into UK law, it’s time consumers and governments began to recognize the efforts of those businesses going the extra mile to keep their data secure. No matter how compliant a business is, or what measures they have in place, it only takes one mistake to allow a hacker access to vulnerable data.”