Are we really seeing more data breaches this year?

The article "More Cyberattacks or Just More Media Attention?" by Robert Charette was in this month's IEEE Spectrum. Here's how this article starts:

This has been a banner year for high-profile cybersecurity disasters, with no letup in sight. So far, there have been 251 data breaches—a record-setting pace.

But is this really true?

The Open Security Foundation's data breach database seems to tell us that the number of breaches that we've seen in 2011 doesn't really exceed the number we've seen in previous years. To get an estimated number of breaches for all of 2011 I took the number of breaches in the first six months of 2011 and doubled it. Here's what the historical data really looks like when you graph it:


That doesn't seem to support the claim that we're seeing breaches at a record-setting pace in 2011. Instead, it looks more like 2011 is turning out to be a fairly typical year. But since the breaches in the first half of 2011 exposed over 126 million records, that's not really a good thing.

Update: An alert reader pointed out that the estimate of 684 breaches for 2011 is exactly the average of the number of breaches in each of the previous five years. So it looks like 2011 is looking even more typical than I first thought.

Leave a Reply

Your email address will not be published. Required fields are marked *