
10 Years of Data Breaches Mark Vulnerable Businesses

By Mateusz Romanow
April 2, 2020

Looking back at cybercrime incidents of the past 10 years, only the questions of "if" and "when" remain. "If" a business has no active cybersecurity policy and processes even just hundreds of rich customer records, "when" becomes soon enough.

For the past 10 years, at least eight large-scale data breaches per year have shaken economies. You’d imagine that as business owners, we would have learned the immense value of the digital data we hold. The Ponemon Institute says that in the U.S. alone, the average size of a data breach is 25,575 records, with an average cost of $150 per record. That could be the money you would pay in damages, as a government fine, and potentially in customer lawsuits. In one breach, customers might lose their email and password info; in another, a container of digital biographies might vanish, with credit card details, passport scans and addresses. What’s ironic is that in my conversations with executives about cybersecurity implementation, scaring doesn’t work unless I factually prove their business can be at risk. Let’s talk about yours.

In 2018, a study by Hiscox revealed that among 4,000 organizations from the U.S., U.K., Germany, Spain and the Netherlands, 73 percent were unprepared for a cyberattack. As you’ll see in a moment, our cybersecurity consciousness remains immature - in 2019 alone, even giants like Facebook, Capital One and the Federal Emergency Management Agency got breached. To find out whether your company is ready for a heist, I’d always recommend a security audit that goes beyond the digital aspect. But the first step is often a leap of faith - you realize that there might be a problem. Here’s something that will help.

The Most Vulnerable Markets Revealed

My team researched the biggest breaches registered between 2009 and 2019 to reveal which businesses are at the greatest risk. Although it is in the public’s interest to know about all of them, many breaches understandably remain underreported to prevent future crises. Analyzing 252 qualifiable incidents listed on Wikipedia, here’s what we found:

1. From 2009 to 2019, businesses lost a staggering total of over 7.7 billion data records.

That volume includes databases from big names such as First American, JP Morgan Chase, or Under Armour. Yahoo’s 2003 breach, where over three billion records were stolen, remains the biggest on the list. Other recognizable businesses that fell victim to cybercrime are Facebook, eBay, Marriott International, or Quora.

 

2. 65.07 percent of breaches occurred in the market of web services.

It might seem a conundrum. Why do web services specifically get targeted more than any other market? Haven’t we gotten so far in cybersecurity that the websites we use daily should be super-secure? No. Most times, they remain the weakest link for a business. Even two-factor authentication - the latest security measure you might recognize - can be spoofed. With our clients, we see that there’s no designated person to maintain the web service. Check-ups aren’t enough. Between check-ups, crucial security updates can be skipped, making it easier for brute-force (password-guessing) attacks to go undetected on the main page or one of the landing pages, which are often made with website builders that offer no protection.

Sure, digital threats don’t end there. We’ve noticed attacks where hackers pinged servers directly or intercepted payment terminal communications, as happened with Supervalu in 2014. But because companies constantly change their website, as it is often a product, there’s a lot of risk that eventually, backdoors will be created - unless we store it in a cybersecurity container in its entirety.

 

3. 160 of the breaches came from hacks, 29 resulted from poor security, and in 20 cases the data was lost or stolen.



Remember that cybersecurity is also a management issue that goes beyond technology. It is dangerous to expect that your assets are safe because the developers of products like the Google Suite have the responsibility. One of the greatest security flaws is the mismanagement of security. Without the administrator’s oversight, how certain are you that people outside of your organization don’t have access to your cloud files? That’s one reason why, in the last decade, there were 20 cases where the data disappeared without a trace. With the same unauthorized access slipping under the Board’s radar, some employees extracted intel - perhaps as payback.

 

Digital Security is a Real Aspect of Your Business

If you couldn’t find your market in the list above, that doesn’t mean your assets are a safe secret. As mentioned, not all cybercrime becomes a breaking news story. And not everything gets hacked - but it could be. Watch what’s happening locally. In September 2019 in Poland - where I’m from - a popular e-commerce platform was fined 660,000 euros for a GDPR breach where allegedly, 2.2 million client records with emails and passwords were stolen in a text-message phishing operation. It wasn’t the number of records that mattered, but their potential value. The catch is auctioned on the deep web for good cash, and the identities sold are then used for fraud: loans, fake tax returns, blackmail, extortion. You probably know this - but the point is to understand how this can sneak up on you.

I’d like to suggest that you consider this one conclusion from our research. Hackers hunt for the biggest and richest datasets with the least security. Unless you already have a security officer that you actually listen to, get a full risk assessment from a prevention team. Let them work with your legal team to assess the financial value of your digital assets. As a reminder, here’s what you can implement even as a non-technical executive today:

  • Have an active security policy that defines what data needs protection and who is responsible for its oversight in terms of access management, backups and periodic security and GDPR checks.
  • Consider migrating your website onto a cybersecurity platform that provides real-time protection and automated threat mitigation for all of its elements.
  • Work with a recommended security company to run penetration tests at least every 6 months.

 

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security Magazine.


Mateusz Romanow is the CEO of Titans24 cybersecurity and 25wat creative agency from Wroclaw, Poland. His focus is on business leadership, cybersecurity culture, and workplace technology.

Copyright ©2025. All Rights Reserved BNP Media.