Advisen defines system/network security violations or disruptions as unauthorized use of or access to a computer or network, or interference with the operation of the same, including viruses, worms, malware, distributed denial of service (DDoS), etc. The absolute number of network security violation or disruption events has spiked since 2011. They now also make up a significantly higher percentage of all events than in the past.
A few of the more notable cases in recent years include:
- Sony Corporation: In 2011, over 100 million PlayStation Network and Sony Online Entertainment accounts were exposed. The personal information – including credit and debit card data – of tens of millions of users was stolen. Experts predict that the damage may range from $1 to $2 billion, making it one of the costliest cyber-hacks ever to have been pulled off.
- Wyndham Worldwide Corporation: On June 26, 2012, the United States Federal Trade Commission (FTC) sued Wyndham over allegations it failed to protect consumers’ credit card data between April 2008 and January 2010. The complaint alleged that Wyndham failed to take proper security measures, such as employing complex user IDs and passwords, and allowed improper software setups that resulted in credit card information being stored in clear readable text.
- Schnucks Markets, Inc.: On April 8, 2013, a class action lawsuit against Schnuck Markets, Inc. was filed in the Superior Court of Missouri, City of St. Louis. The lawsuit was brought in relation to Schnuck’s alleged violation of the Missouri Merchandising Practices Act. On March 15, 2013, Schnucks detected that its computer systems had been compromised, allowing Plaintiff’s and class members’ personal identifying information to be stolen. Plaintiffs alleged that Schnucks failed to comply with computer security industry standards.
- Target Corporation: On December 19, 2013, Target Corporation confirmed it was aware of unauthorized access to payment card data that may have impacted certain guests making credit and debit card purchases in its U.S. stores. On February 5, 2014, Target announced it had identified that stolen records came from a third-party vendor, Fazio Mechanical Services (FMS), a provider of HVAC systems. Attackers pushed malware to Target’s point-of-sale (POS) devices and actively collected card records for every transaction from November 15, 2012 to November 28, 2013.
Network Security Count by Year
This chart shows the number of network security cases by year. There is a clear upward trend, which has been accelerating rapidly since 2011.
Cyber Case Type Composition by Year
Viewed alongside the previous chart, this chart shows that the rapid increase in the number of network security violations since 2011 has culminated in network violations being the largest proportion of cyber cases in 2013, a notable case being the Target breach.
U.S. Event Occurrence Rate by Industry
This chart breaks down the event occurrence rate by industry. The event occurrence rate is obtained by normalizing the number of events by the number of businesses in each of the respective industries. From this, we can see that the public administration industry reports the highest occurrence rate of network violations.
Litigation Frequency by Industry
The litigation frequency is obtained by dividing the number of network violation cases that have entered litigation by the number of network violation events. We see that the wholesale and retail trade industry has the highest litigation frequency, a notable example being the Target breach in late 2013. Interestingly, public administration reports the lowest litigation frequency even though it had the highest relative occurrence (see previous chart).