Study: Data Breach Numbers Continue To Rise, Creating Growing Security Opportunity For Solution Providers
The security market has been fairly quiet when it comes to mega breaches and smaller breaches in recent months, but security incidents for the year overall are still up in double digits, according to a recent study by Piper Jaffray.
According to the study, released Monday, the number of breaches in July was below average, with only 55 reported incidents (including only one ’large’ breach) during the month. That represents an 18 percent year-over-year decrease from July 2015, the study said.
That being said, breaches overall for the year are still up double digits over 2015. So far this year, there have been 569 reported breaches, up 18.3 percent over the same period last year, the study said. The business and health-care sectors were hit the hardest during the month, the study found, up 49 percent and 35 percent, respectively.
[Related: 10 Cybersecurity Lessons Learned In 2016 (So Far)]
The trend to pull from these statistics is that breach activity is continuing to escalate, although recent breaches are smaller than those in the same period last year, said Andrew Nowinski, senior research analyst at Piper Jaffray.
’Even though the breaches are less complex, the fact that activity is still increasing is a good thing for the rest of the security industry,’ Nowinski said. ’As long as we’re seeing an increase in breach activity, that will translate into improving revenue growth over the next six to nine months.’
Nowinski said Piper Jaffray found there was an 80.9 percent correlation between the number of breaches and revenue growth for security companies. Revenue growth is usually seen two quarters after an escalation of incidents, the study found. That growth will be particularly strong in areas outside traditional perimeter technologies where enterprises have already invested, Nowinski said, citing email security, privileged account management, identity and access management, and endpoint security as examples.
While much of that growth is targeted at the vendors, Nowinski said solution providers should also expect to see a revenue bump from increased security incidents.
’There is a partner trickle-down,’ Nowinski said. ’The partners and the resellers still appear to be doing pretty well.’
Richard Delaney, CTO at Sloatsburg, N.Y.-based Delaney Computer Services, said that opportunity might be even bigger than Piper Jaffray is reporting, as he said he sees many more companies being unwilling to report security incidents and breaches. Delaney said his experiences working to bring security to small businesses have shown him that incidents are increasing, not decreasing.
’I think breaches are up,’ Delaney said. ’I don’t think breaches are down. I think they’re up and it’s become more common to not report it. There’s a lack of accountability.’
Particularly with smaller, local companies, Delaney said there is a hesitation to report security incidents unless absolutely necessary, saying it ’would be business suicide’ for most small businesses.
’If a tree falls in a forest, but no one is there to hear it, did it happen? Was it a breach? Right now no one is reporting this stuff,’ Delaney said.
Adding to that is a lack of clarity around what constitutes a data breach, Delaney said. He said he sees more small businesses being targeted by ransomware and other threats, which can affect their ability to operate but don’t necessarily qualify to be reported as a data breach.
Delaney said that is in part driven by a relaxed attitude about data breaches from public officials and a lack of accountability for companies that fail to report an incident.
’Why do we learn to lie? Because then we don’t get our hands slapped. … We haven’t created an environment that’s accepting of this so there is no reason an organization would report a breach,’ Delaney said.
The Piper Jaffray study predicted that solution providers and the security industry should see a boost from the breaches so far this year in the latter half of 2016 and into early 2017.