Significant downturn in data breach notifications

David Heath
Wednesday, 13 January 2010 11:23

Business IT - Security

By a number of different measures, the level of data breach notifications has declined significantly over the past 18 months.  Is there a reason for this?

In a blog on the Open Security Foundation's website, an observation is made that there has been a significant decrease in the number of data breaches being reported in the media.

According to a search of Google News for "data breach," after remaining essentially steady at around 1,000 breach reports per month in the world media from September 2005 until June 2008, there has been a steady decline in reports to around 500 per month in December just past.

The author of the blog wonders whether there is a level of press 'boredom' and so, as a comparison, they looked at the actual number of known breaches retained in the Open Security Foundation's own records and found a remarkably similar trend.  There were around 50 unique breaches per month over the same period, suddenly dropping to around 20 in the past month or so.

This would suggest that 'boredom' wasn't a factor.  The only notable point here was the excessive interest by the press in mid 2005 where the level of breach notification was much lower that the press reports would suggest.  Checking with the Privacy Rights Clearing House, we find that this equates with the loss of 40,000,000 credit cards being exposed at Card Systems; this was the first of the very big exposures and quite reasonably attracted excessive coverage; there had also been the earlier ChoicePoint incident.

Although there has been a reasonable drop in breaches, it seems, according to the analysis, that the drop in press reports s much greater, suggesting (but of course not proving) that there is a level of boredom; "just another data breach" isn't news any more; it's becoming part of the furniture.