The Internet Society has released the findings of its 2016 Global Internet Report in which 40% of users admit they would not do business with a company which had suffered a data breach.
Highlighting the extent of the data breach problem, the report makes key recommendations for building user trust in the online environment, stating that more needs to be done to protect online personal information.
With a reported 1,673 breaches and 707 million exposed records occurring in 2015, the Internet Society is urging organisations to change their stance and follow five recommendations to reduce the number and impact of data breaches globally:
1. Put users - who are the ultimate victims of data breaches - at the centre of solutions. When assessing the costs of data breaches, include the costs to both users and organisations.
2. Increase transparency about the risk, incidence and impact of data breaches globally. Sharing information responsibly helps organisations improve data security, helps policymakers improve policies and regulators pursue attackers, and helps the data security industry create better solutions.
3. Data security must be a priority – organisations should be held to best practice standards when it comes to data security.
4. Increase accountability – organisations should be held accountable for their breaches. Rules regarding liability and remediation must be established up front.
5. Increase incentives to invest in security – create a market for trusted, independent assessment of data security measures so that organisations can credibly signal their level of data security. Security signals enable organisations to indicate that that they are less vulnerable than competitors.
The report also draws parallels with threats posed by the Internet of Things (IoT). Forecasted to grow to tens of billions of devices by 2020, interconnected components and sensors that can track locations, health and other daily habits are opening gateways into user’s personal lives, leaving data exposed.
“We are at a turning point in the level of trust users are placing in the Internet,” said Internet Society’s Olaf Kolkman, Chief Internet Technology Officer. “With more of the devices in our pockets now having Internet connectivity, the opportunities for us to lose personal data is extremely high.
“Direct attacks on websites such as Ashley Madison and the recent IoT-based attack on Internet performance management company, Dyn, that rendered some of the world’s most famous websites including Reddit, Twitter and The New York Times temporarily inaccessible, are incredibly damaging both in terms of profits and reputation, but also to the levels of trust users have in the Internet.”
Other report highlights include:
• The average cost of a data breach is now $4 million, up 29 percent since 2013
• The average cost per lost record is $158, up 15 percent since 2013
• Within business, the retail sector represents 13 percent of all breaches and six percent of all records stolen, while financial institutions represent 15 percent of breaches, but just 0.1 percent of records stolen, indicating these businesses might have greater resilience built in to protect their users