Over 146 billion records to be stolen over next five years

More than 33 billion records will be stolen by cyber criminals in 2023 alone, despite data protection laws mandating strong measures to protect personal and financial data, a study has found.

The figure represents an increase of 175% over the 12 billion records expected to be compromised in 2018, resulting in cumulative losses of more than 146 billion records over the next five years, according to research by Juniper Research.

However, average levels of cyber security expenditure will remain relatively static. Spending by small businesses in 2018 will only make up 13% of the overall cyber security market in 2018, despite more than 99% of all companies being small businesses.

In addition, the cost of breaches can exceed millions of dollars, dwarfing the turnover of such businesses.

Juniper said many of these companies use consumer-grade products, spending on average under $500 per year on cyber security. With many such businesses currently rolling out digital transformation initiatives, this will leave them vulnerable to newer forms of malware which require more advanced cyber security, beyond simple endpoint protection.

“Juniper’s strategic analysis of 48 leading cyber security companies shows that artificial intelligence and predictive analytics are now table stakes for this market,” said Juniper senior analyst James Moar. “These technologies need to be made available to all businesses, regardless of size”.

Additionally, the research firm found that the US will become a more prominent target over the next five years. Juniper expects over half of all data breaches globally to occur in the US by 2023.

This is because the US has much national and international consumer and corporate data in a disparate range of institutions and regulations, making it easier to find and exploit systemic weaknesses, Juniper said.

Outside the US, countries such as Singapore, Malaysia and Australia have had their share of data breaches in recent years.

In July 2018, the Singapore government revealed that the non-medical personal information of around1.5 million patients who had visited specialist outpatient clinics and polyclinics in a public healthcare group had been illegally accessed and copied in a deliberate, targeted and well-planned cyber attack.

The data taken included names, national identity card numbers, addresses and dates of birth. Information on the outpatient dispensed medicines of about 160,000 patients was also exfiltrated through an initial breach on a front-end workstation.

Notably, security budgets for organisations in Singapore were the highest among five nations recently surveyed by Osterman Research, which found that the security budget for a 2,500-employee Singapore organisation was more than S$1.3m (US$950,000) in 2017 and will grow to more than S$1.4m in 2018.

While security budgets in Singapore were the highest in the study, they will also grow at the slowest rate in 2018 at only 7.1%, less than half of the global average of 14.8%.

In addition, Singapore organisations reported the second-lowest spending among the nations surveyed when it comes to remediating a major security event – one that would cause significant disruption to an organisation’s operations, such as a widespread ransomware attack.

According to Osterman Research, Singapore organisations would spend an average of nearly S$260,000 to resolve such an incident, lower than the global average of S$391,448.