Skip to Content

A Review Of Cyber Breaches In 2019

on Tuesday, 24 March 2020 in Technology & Intellectual Property Update: Arianna C. Goldstein, Editor

Each year our TIPS section reviews the cyber breaches reported to the Nebraska Attorney General’s Office. This article will be the first of several to review the information as reported.

Number of Breaches

Nebraska’s breach notification form is unique in that it requests the total number of records which were accessed in the breach as well as the number of Nebraska residents’ records. Thus, by reviewing the breaches reported to the Nebraska Attorney General’s office, we have a glimpse into the total number of breaches and total number of records breached across the US. Unless or until there is a national reporting requirement, this review might be one of the best insights into cyber breaches nationally.

The number of breaches in Nebraska has continued to increase each year since the reporting requirement became effective. The numbers for each year are as follows:

Year

Number

YOY Increase

2016

43

2017

108

151%

2018

502

365%

2019

578

15%

The number of cases increased dramatically from 2017 to 2018 by 365 percent. Although the number of cases has continued to rise, the increase slowed considerably from 2018 to 2019. The dramatic increase from 2017 to 2018 could have been due to the newly enacted reporting requirement in Nebraska. As more and more companies and law firms became aware of the reporting requirement, the number of reports filed with the Attorney General’s office increased as well. This conclusion is also consistent with the fact that many reports showed a decrease of data breaches in the US between 2017 and 2018, but as organizations learned of their reporting requirements in Nebraska, these organizations filed more reports year-over-year in Nebraska than they filed with other states.

The percentage increase over 2018 in reports filed with the Nebraska AG’s office slowed last year to 15 percent, while the overall number of reported breaches continued to increase. The percentage increase in Nebraska is consistent with the number of cyber breaches reported in the US which increased 17 percent.

Number of Records Exposed

The prior graph also leads to the next topic – the number of records exposed during a breach. The number of records exposed of Nebraska residents has decreased significantly. The average number of records per breach has also decreased significantly. The reason for the decrease over the past year seems to be the lack of mega-breaches or breaches in which the number of exposed records exceeds 10 million records. In years past there have been breaches exposing hundreds of millions of records, such as Target (110 million), Equifax (123 million), Marriott (500 million), or Yahoo! (500 million). Due to the lack of one of these mega-breaches, the number of records per breach has decreased but the cumulative number of records continues to grow. 

Breach Records for Nebraska Companies

This year we traced the number of breaches associated with companies based in Nebraska. This effort of mapping cyber breaches and records gives a clearer indication as to the number of records and costs that could be expected by Nebraska based companies should a cyber breach occur.

From the charts above, the average number of records involved in a Nebraska-based business are approximately 3,100 with only 1,700 being attributable to Nebraska residents. The average cost per record to recover from a data breach in the US is approximately $250 per record. Thus, the average cost per data breach to a Nebraska-based organization is over $750,000 per breach. The costs of these breaches can be a significant financial event for a Nebraska company!

In order to alleviate the costs associated with a data breach, Nebraska companies should:

  • Update their policies to prepare for the likelihood of a data breach;
  • Review and update any business risk strategies;
  • Review and update any cyber liability policies;
  • Educate the C-suite executives and the employees as to the possible expenses and liabilities as a result of a data breach;
  • Educate users and employees as to the means of perpetrating cyber breaches; and,
  • Review and update any cyber or crisis response plans to prepare for such an event.

Next month we will review the types of breaches and the types of information targeted in a cyber-breach.

1700 Farnam Street | Suite 1500 | Omaha, NE 68102 | 402.344.0500