Are Data Breaches Really a Global Problem, or Just America’s?

Google Alerts are awesome. You can easily set up notifications for keywords relevant to your interests, which are delivered straight to your email inbox. At Ground Labs, we are constantly monitoring a small handful of keywords relevant to data security, to stay on top of the latest news and trends.

However, we soon found ourselves being flooded with tens of emails daily for each alert, to the point where we had to change the alert settings to only receive email notifications once a day, instead of whenever data security news was broken. It comes as no surprise that even in the year 2014 (what year did we all start working on PCI?), companies all around the world are still not adequately protecting sensitive customer data.

But is data security really a worldwide epidemic, or is it only a prevalent problem in America?

Lets dive into this rabbit hole some more. Below is a screenshot of a Google Alert for the keyword ‘data breach’. We’ve marked every article with a country flag, based on which country the news revolves around. In the event that articles were not targeting any country specifically, we looked at the country audience the article was written for.

As you can see, within a 24-hour period, there were notifications for 1 Australian, 1 Canadian, 1 South Korean, and a whopping 30 American data breach stories. How about that.

It’s no surprise that American consumers are losing interest in data breach incidents in general. Anyone would get bored reading 30 stories a day about how everyone from retailers to the Government are failing to safeguard sensitive data.

We think that America deserves a fair trial before we lay blame for being lax on data security, though. The verdict is really up to you to decide. Here are some prosecution points:

1. The Symantec Internet Security Threat Report 2014 states that in 2013, the United States was responsible for the loss of nearly 547 million records, making up 66.5% of all exposed records for the year. This year America has outdone itself though, with multiple large retail data breaches affecting Home Depot, Dairy Queen, JPMorgan Chase and more.

2. America is behind its global counterparts for card-present security – Obama only just ordered chip-and-pin technology in Government credit cards, when the technology has been available to over 100 countries, including all across Europe, since 2005.

And in their defense:

1. America has strict data breach notification laws in place that demand breached companies report the incidents publicly. Australia and Europe have data breach notification guidelines, but no concrete rule. Asia has strict notification laws, but does anyone know they exist? Companies in other countries might be facing the largest data breaches imaginable, but we would be none the wiser.

2. America might be winning by scale, but South Korea is worse off in ratio. While 50% of all American adults have had their data breached in the last 12 months, the BBC just reported that over 80% of all South Koreans have had their personal data stolen, resulting in the country being forced to issue new identity cards to its citizens, an effort which will cost billions of dollars.

While we understand that Google Alerts may not be the most accurate measurement point (We only receive notifications in English, which skews the results a bit), it certainly can feel that America is always front and center whenever systems get breached. More has to be done, and soon.

While the rolling out of chip-and-pin technology should greatly help in reducing storefront credit card information theft (the same year it was implemented in France, credit card data fraud went down 80%), that technology is still a little far away from being implemented across all across America until all terminals are changed over which is going to collectively cost merchants more than 2.5 billion dollars, according to TSYS. In the meantime, companies are still required to secure any sensitive customer data being handled and should consider a simple yet effective approach – focus your efforts on finding and securing or eliminating customer data on your systems. It won’t matter how secure your system is, hackers can’t steal data if it’s no longer there.

Ground Labs’ Data Recon does just that, by searching systems for over 95 types of sensitive data, including healthcare information and personal identification and credit card numbers. Once found, you may simply mask, encrypt, quarantine, or permanently delete unwanted sensitive data in a matter of seconds, leaving nothing for hackers to steal. It’s an essential layer of security that comes at an affordable price.

Take Data Recon for a free trial today by visiting our website here.