BitSight Offers Valuable Insight Into Breach Trends
Alex Campanelli | August 17, 2018
Over the last several months, members of our product team have been working to aggregate all of BitSight’s security ratings data and highlight important insights about patterns in data breaches. In fact, BitSight boasts one of the largest data breach data sets. Of course, this reflects only the data BitSight has visibility into; with the largest sinkholing infrastructure in the world and the security posture of over 130,000 organizations, we have the most comprehensive view into global breach trends.
BitSight’s data highlights the number of breaches captured in the last six months on a global scale. In April of this year, breaches spiked with 80 separate occurrences. These trends can help prompt companies to identify critical areas in need of remediation and are an important indicator for the future.
BitSight also looks at breaches by severity within the three BitSight Security Ratings categories over the last 30 days, noted by color, implicating X amount of records lost. Companies are classified by rating as basic, intermediate, or advanced. Overall, there are more breaches of higher severity in the basic and intermediate security rating categories, which makes sense: previous BitSight studies, which have been independently verified, have shown that companies with a BitSight Security Rating of 500 or less are 5X more likely to suffer a data breach than companies with a rating of 700 or higher.
When examining breaches by category type (over all time), web applications lead with over 1,200 different breaches. According to the 2018 Verizon Data Breach Investigations Report (DBIR), web application breaches are the most common type of breach, occurring over 20% of the time among all breaches in 2017-18.
Finally, BitSight breaks down the frequency of breaches (over all time) by industry. This is a particularly important insight for understanding the problems that certain industries encounter: the healthcare industry uses certain medical devices that are not always up to date and are therefore easier to hack for protected health information (PHI). BitSight’s data shows that healthcare leads the industry breach breakdown with over 1,000 breaches. Verizon’s DBIR also confirms that healthcare leads all industries in breach frequency, with over 500 breaches happening in the last year.
BitSight’s breach data provides valuable insight into the current threat landscape. By helping customers understand where vulnerabilities lie within certain industries (or what certain organizations should guard against when evaluating their security posture), BitSight Security Ratings can help organizations think strategically about proactively mitigating the risk of breach both internally and in their supply chain.