Infographic: Is Security Spending Proportional to the Data Breach Problem?

by Nate Lord on Thursday July 27, 2017

Contact Us
Free Demo
Chat

Einstein famously defined insanity as "doing the same thing over and over again and expecting different results." So why do companies continue to follow the same archaic security strategies while data breaches are at an all-time high?

We decided to take a closer look at this issue and did some research to compare data breach trends with security technology spending. What did we find? Companies continue to invest heavily in network and device security while allocating just 1% of their security budgets toward protecting cyber criminals' top target: data. In fact, a recent Impact Report from 451 Research sums this point up nicely:

"… it's better to focus scarce resources on securing the data itself rather than spending ever-higher sums erecting tighter boundaries around it. The logic is sound: despite the billions of dollars spent each year on perimeter and endpoint security, the bad guys keep finding new ways in, and the data breach parade rolls on without a hiccup."

This interactive infographic shows security spending and data breach trends over the past five years - click an orb to launch a whole year's worth of threats and get a breakdown of how companies invested in security as well as the top breaches and threats for that year.

Click to View Fullscreen

Number of Data Breaches Per Year

Year Number of Data Breaches
2010 761
2011 855
2012 621
2013 1367
2014 2122

Source: Verizon Data Breach Investigations Report, 2011-2015

Number of Records Exposed by Data Breaches, Per Year

Year Number of Records Exposed
2010 3.8 million
2011 174 million
2012 44 million
2013 822 million
2014 700 million

Source: Verizon Data Breach Investigations Report, 2011-2015; 2013 total from RBS

Top Threat Actions by Year

Year Threat Actions
2010 Physical Tampering, Spyware, Data-exporting Malware
2011 Brute Force, Spyware, Use of Stolen Credentials
2012 Spyware, Backdoor Exploitation, Use of Stolen Credentials
2013 Use of Stolen Credentials, Data-exporting Malware, Phishing
2014 Use of Stolen Credentials, RAM-scaping Malware, Spyware

Source: Verizon Data Breach Investigations Report, 2011-2015

Top 5 Data Breaches by Year, By Records Exposed

Year Data Breach and Number of Records Exposed
2010
  1. ECMC: 3.3 million records
  2. JP Morgan Chase: 2.6 million records
  3. Betfair: 2.3 million records
  4. NYC Health & Hospitals Corp: 1.7 million records
  5. Gawker.com: 1.5 million records
2011
  1. Sony Playstation Network: 77 million records
  2. Steam: 35 million records
  3. Tianya: 28 million records
  4. Sony Online Entertainment: 24.6 million records
  5. Nexon Korea Corporation: 13.2 million records
2012
  1. Court Ventures: 200 million records
  2. Zappos: 24 million records
  3. Blizzard: 14 million records
  4. Apple: 12.4 million records
  5. Greek Government: 9 million records
2013
  1. Target: 70 million records
  2. Evernote: 50 million records
  3. Living Social: 50 million records
  4. Adobe: 36 million records
  5. Yahoo Japan: 22 million records
2014
  1. Sony: 100 terabytes
  2. eBay: 145 million records
  3. JPMC: 76 million records
  4. Home Depot: 56 million records
  5. Korea Credit Bureau: 27 million records

Source: Information is Beautiful

Annual Security Technology Spending Breakdown

Year Security Spending by Technology Layer
2010
  • Network Security: $16,190,720,000 (43%)
  • Database Security: $7,153,400,000 (19%)
  • Application Security: $5,059,600,000 (14%)
  • Endpoint Security/Antivirus: $5,059,600,000 (14%)
  • Identity Management: $3,541,720,000 (9%)
  • Data Protection: $436,000,000 (1%)
  • Total Annual Security Technology Spend: $37,441,040,000
2011
  • Network Security: $17,222,400,000 (39%)
  • Database Security: $9,301,360,000 (21%)
  • Application Security: $6,314,880,000 (14%)
  • Endpoint Security/Antivirus: $6,314,880,000 (14%)
  • Identity Management: $4,592,640,000 (10%)
  • Data Protection: $458,000,000 (1%)
  • Total Annual Security Technology Spend: $44,204,160,000
2012
  • Network Security: $19,667,200,000 (43%)
  • Database Security: $9,352,600,000 (20%)
  • Application Security: $6,760,600,000 (15%)
  • Endpoint Security/Antivirus: $6,146,000,000 (13%)
  • Identity Management: $3,687,600,000 (8%)
  • Data Protection: $481,000,000 (1%)
  • Total Annual Security Technology Spend: $46,095,000,000
2013
  • Network Security: $19,771,800,000 (39%)
  • Database Security: $10,649,020,000 (21%)
  • Application Security: $7,908,720,000 (16%)
  • Endpoint Security/Antivirus: 5,931,540,000 (12%)
  • Identity Management: $5,272,480,000 (11%)
  • Data Protection: $555,000,000 (1%)
  • Total Annual Security Technology Spend: $50,088,560,000
2014
  • Network Security: $20,631,180,000 (37%)
  • Database Security: $8,587,460,000 (15%)
  • Application Security: $8,537,040,000 (15%)
  • Endpoint Security/Antivirus: $9,959,880,000 (18%)
  • Identity Management: $7,114,200,000 (13%)
  • Data Protection: $661,000,000 (1%)
  • Total Annual Security Technology Spend: $55,490,760,000

Sources:
Total Annual Security Spending Figures from Gartner Forecast: Information Security, Worldwide, 2010-2018
By-Layer Security Spending Percentages from Forrester Research, Content Security Predictions: 2011 and Beyond, Content Security: 2012 Budget and Planning Guide, Understand The State Of Network Security: 2012 To 2013, Understand The State Of Data Security And Privacy: 2013 To 2014, Understand The State Of Data Security And Privacy: 2014 To 2015

Tags:  Data Breaches Infographics

Related Blog Posts

Recommended Resources

The Definitive Guide to DLP

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives
Get the Guide

The Definitive Guide to Data Classification

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
Get the Guide