News
- Report
Cyber Security Cloud Releases Report on Personal Information Leaks Caused by Unauthorized Access Between October 2019 and September 2020 - Retail Industry Shows the Highest Number of Leaks and Cases -
Cyber Security Cloud, Inc. (Headquarters: Shibuya-ku, Tokyo; President and CEO: Akira Ohno; hereinafter referred to as "Cyber Security Cloud") is pleased to announce the release of a research report comparing personal information breach cases involving unauthorized access, ranging from 1,000 cases to less than 1 million cases, by industry, that were announced between October 1, 2019 and September 30, 2020.
■ Breakdown of personal information leak cases by industry
<Proportion by industry>

This survey covered a total of 50 cases of medium-sized personal information leaks caused by unauthorized access, with the damage scale being between 1,000 and 1 million cases. Based on information from the companies that disclosed the cases, the personal information leaks were classified into eight industries: manufacturing, retail, services/infrastructure, software/telecommunications, trading companies, finance, advertising/publishing/mass media, and government agencies/public corporations/organizations.
The retail industry had the most personal information leaks at 24% of the total, followed by the services and infrastructure industry at 22% and the manufacturing industry at 18%. Meanwhile, the financial industry only accounted for 6% of leaks.
<Proportion of listed companies (including groups) and unlisted companies involved in data leaks>

Furthermore, when we measured the percentage of listed companies (including groups), we found that approximately 43% of the companies where incidents occurred were listed companies. Of these, the manufacturing industry had the highest percentage of listed companies at 67%, followed by the software and communications industry at 50% and the services and infrastructure industry at 45%.
■Comparison of leaked personal information by industry
<Number of personal information leaks by industry>

Furthermore, in terms of the number of personal information leaks by industry, the retail industry had the highest number of cases at 926,002, in proportion to the number of personal information leak cases, followed by the manufacturing industry at 594,753 and the service and infrastructure industry at 338,618.
■Consideration
The results of this survey show that the manufacturing industry has the highest ratio of listed and unlisted companies involved in data leaks, suggesting that even listed companies may not have adequate measures in place to prevent unauthorized access. It is believed that measures will need to be strengthened across the entire group, including subsidiaries.
Meanwhile, in the retail industry, although the proportion of listed companies remains at 25%, the highest number of victimization cases have been reported, indicating that many of the victims are unlisted companies with insufficient security measures. According to a survey released by the Ministry of Economy, Trade and Industry in July 2020*1, the size of Japan's consumer and business-to-business e-commerce market in 2019 grew by approximately 7.7% compared to the previous year to 19.4 trillion yen, and the e-commerce rate is also on the rise. In this context, many companies in the retail industry operate their own e-commerce sites and handle customer information, making them potential targets of cyber attacks.
Additionally, in the financial industry, where vulnerabilities in payment services and other areas have been attracting attention recently, the number of incidents and data leaks is overwhelmingly lower than in other industries. While strong security is required in the financial industry, there are cases where users suffer direct harm, so even if there are fewer incidents, they tend to attract more attention.
When a company suffers from a cyberattack such as unauthorized access, it not only suffers brand damage and loss of trust, but also unexpected costs for investigating the damage and, in some cases, may have to pay compensation. Furthermore, the revised Personal Information Protection Act is scheduled to come into effect by June 2022, and includes strengthened penalties, such as raising the maximum fine for companies that leak personal information to 100 million yen. In order to prevent such damage from occurring, it is important to take measures such as reviewing your company's cybersecurity.
<Survey Overview>
-Survey period: October 1, 2019 to September 30, 2020
- Survey target: Personal information leaks involving unauthorized access with a damage scale of over 1,000 but less than 1 million cases announced during the above period
Cases (50 cases)
-Research method: Cybersecurity Cloud
[Industry classification in this survey]
・"Manufacturers": Food, agriculture, forestry, and fisheries, construction, housing, and interior design, textiles, chemicals, pharmaceuticals, and cosmetics, steel, metals, and mining, machinery and plants, electronic and electrical equipment, automobiles and transportation equipment, precision and medical equipment, printing and office equipment, sports and toys, and other manufacturers
・"Retail": Department stores, supermarkets, convenience stores, specialty stores
・"Services and Infrastructure": Real estate, railways, aviation, transportation and logistics, electricity, gas and energy, food services, hotels and travel, medical care and welfare, amusement and leisure, other services, consulting and research, human resources services, education
・"Software and Communications": Software, Internet, and communications
・"Trading company": general trading company, specialized trading company
・"Finance": Banking/Securities, Credit, Credit Sales/Leasing, Other Finance, Life Insurance/Non-Life Insurance
・"Advertising, Publishing, and Mass Media" Broadcasting, newspapers, publishing, advertising
・"Government agencies, public corporations, organizations" Public corporations, organizations, government agencies
About Cyber Security Cloud, Inc.
Company name: Cyber Security Cloud, Inc.
Address: VORT Ebisu Maxim 3rd Floor, 3-9-19 Higashi, Shibuya-ku, Tokyo 150-0011
Representative: President and CEO Akira Ohno
Established: August 2010
URL: https://www.cscloud.co.jp/
With the mission of "creating a safe and secure cyberspace for people all over the world," Cyber Security Cloud provides web application security services worldwide on a subscription basis, leveraging the world's leading cyber threat intelligence and AI technology. Furthermore, AWS, which holds a 47.8% share of the global cloud market, has certified Cyber Security Cloud as the seventh AWS WAF Managed Rules Seller in the world.
As a leading company, we will continue to develop services that create a safe and secure cyberspace for people around the world, and contribute to the promotion of the information revolution.
*1 Source: E-commerce market survey (2019)
*2 Source: Gartner (August 2020) Worldwide IaaS Public Cloud Services Market Share, 2018-2019