Cyber Security Cloud Releases Research Report on Personal Data Breach Incidents due to Unauthorized Access from October 2019 to September 2020
Cyber Security Cloud, Inc. (CSC) released a research report that compares personal data breach incidents by industry. The report includes incidents with a damage scale of more than 1,000 cases and less than 1 million cases caused by unauthorized access published between October 1, 2019, and September 30, 2020. The retail industry has the highest number of cases and the number of breaches.
■ The ratio of Personal Data Breach Incidents by Industry
The research covered 50 medium-sized personal data breach cases with a damage scale of more than 1,000 cases and less than 1 million cases caused by unauthorized access and categorized the personal data breach cases into eight industries: manufacturers, retail, services and infrastructure, software and telecommunications, trading companies, financial services, advertising/publishing/media, and government/public offices/organizations, based on the information of the companies that announced the breach.
Retailers were the most commonly exposed to personal data breaches at 24%, followed by services and infrastructure at 22% and manufacturers at 18%. On the other hand, only 6% of breaches occurred in the financial sector.
■ Ratio of Public Companies (including subsidiaries) and Private Companies in Data Breach incidents
We also measured the ratio of incidents at listed companies (including subsidiaries) and found that approximately 43% of the incidents occurred at listed companies. Among them, the manufacturing industry had the highest percentage of listed companies at 67%, followed by the software and telecommunications industry at 50% and the services and infrastructure industry at 45%.
■ Comparison of the number of personal data breaches by industry
By industry, the retail industry had the highest number of personal data breaches at 926,002, followed by 594,753 in the manufacturing industry and 338,618 in the services and infrastructure industry, in proportion to the number of personal data breach incidents.
According to the results of this report, the ratio of listed companies over unlisted companies in the data breach incidents is the highest in the manufacturing industry, and even among listed companies, there is a possibility that the measures against unauthorized access may be inadequate even for a listed company, and it is necessary to strengthen the measures for the entire group, including subsidiaries.
On the other hand, although only 25% of the retail industry is listed, the largest number of cases occurred in the retail industry, indicating that many of the victims were non-listed companies with inadequate security measures. According to a survey*1 released by the Ministry of Economy, Trade, and Industry in July 2020, the domestic consumer and business-to-business e-commerce market in Japan in 2019 will expand by approximately 7.7% to JPY19.4 trillion compared to the previous year, and the rate of conversion to e-commerce is on the rise. In the retail industry, many companies operate their own e-commerce sites and handle customer information, which can be a target for cyber-attacks.
The report also indicates that the number of cases and the number of compromises in the financial industry, where vulnerabilities in payment services and other industries have been attracting attention in recent years, are far fewer than in other industries. In the financial industry, where strong security is required, there are cases where users are directly affected by damage, so the number of cases tends to at least attract attention.
When a company suffers a cyber-attack due to unauthorized access, not only can it cause brand damage and loss of trust, but it can also incur unexpected costs to investigate the damage and, in some cases, compensate the company for damages. In addition, the revised Personal Information Protection Law will be enforced by June 2022, which includes stronger penalties such as raising the maximum fine for companies responsible for personal information leaks to up to US$1 million. To prevent such damage from occurring, it is important to review your company's cybersecurity policies and take countermeasures.
・Period: October 1, 2019 - September 30, 2020
・Target: 50 personal data breach cases with a damage scale of more than 1,000 cases and less than 1 million cases caused by unauthorized access announced during the above period
・Method: Cyber Security Cloud Research
[Industry classification in this research]
・ Manufacturer: Food, Agriculture, Forestry and Fisheries; Construction, Housing, and Interior Design; Textiles, Chemicals, Pharmaceuticals, and Cosmetics; Iron, Steel, Metals, and Mining; Machinery and Plants; Electronic and Electrical Equipment; Automobiles and Transportation Equipment; Precision and Medical Equipment; Printing and Office Equipment; Sports and Toys; Other Manufacturers
・ Retail: Department stores, supermarkets, convenience stores, and specialty stores
・ Services & Infrastructure: Real estate; railroad, aviation, transportation, and logistics; electricity, gas, and energy; food services; hotels and travel; medical and welfare services; amusement, leisure, and other services; consulting and research; human resources services; education
・ Software and Communications: Software, Internet and Communications
・ Trading company: General and specialized trading company
・ Finance: Banks and securities, credit card companies, credit sales and leasing companies, other financial institutions, life, and non-life insurance companies
・ Advertising / Publishing / Media: Broadcasting, newspapers, publishing, and advertising
・ Government / Public corporation / Organizations: Public companies and organizations, government agencies
■ About Cyber Security Cloud, Inc.
With an aim to create a secure cyberspace that people around the world can use safely, Cyber Security Cloud provides web application security services worldwide using the world's leading cyber threat intelligence and AI technology. CSC is also certified as the 7th AWS WAF Managed Rules Seller in the world by AWS (Amazon Web Service) which boasts a 45% global cloud market share.*2
As a leading cybersecurity company, CSC plans to continue to strive to improve and develop new technologies and aim to be a company that can deliver effective security solutions to contribute to the information revolution.
*1: Market Research on E-Commerce (2019)
*2: Gartner(August 2020)･･･Worldwide Iaas Public Cloud Services Market Share, 2018-2019