The increased number of data breaches in 2021 suggests that a strong data protection program is no longer optional for companies who want to maintain a positive reputation with their customers. Last year was the worst year for data breaches in the history of Shred-it’s Data Protection Report, as 49% of Canadian large businesses and 50% of Canadian small businesses surveyed reported experiencing a data breach, up from 43% and 12% respectively in 2020. Business leaders from all sectors must prioritize data security to address this growing threat.
Data Breaches by Industry
Some may believe that only certain industries, such as finance or tech, are at risk of data security attacks, but in reality almost no industry is immune from data breaches. Shred-it’s 2021 Data Protection Report, which surveyed leaders in healthcare, finance, professional services, insurance, and real estate, found that more than half of organizations in all industries surveyed had experienced a data breach.
While all sectors need to be prepared to address data breaches, some industries place higher importance on information security. Shred-it’s 2021 Data Protection Report found that out of those surveyed 40% of companies in the financial industry state information security as very important, while more than half of them have experienced a data breach. The insurance industry followed financial, where only 44% said that information security is very important, but 75% of those surveyed have experienced a data breach. On the other hand, the healthcare industry only experienced 12% of the total data breaches, likely because of its more frequent use of information security measures. Out of all the industries surveyed, respondents in the healthcare industry said they were the most likely to have regular infrastructure auditing (48%) and paper shredding services (27%).
Causes of a Data Breach
Data breaches stem from a wide range of sources including hackers and external partners. Notably, the 2021 Data Protection Report found that 29% of data breaches were caused by “malicious insiders:” trusted employees or partners. Moreover, employee error was responsible for 17% of data breaches, possibly because many employees may not be able to identify common data security threats such as phishing.
What Companies Can Do
Shred-it’s 2021 Data Protection Report outlines three major recommendations that all industries can apply to help improve their information security protocols:
- Data protection and consumer privacy laws are growing more commonplace in Canada, the U.S. and around the world. Business leaders should stay aware of the latest state, national, and international data protection requirements.
- Business leaders must understand what information they collect, where and how it is stored, and with whom it is shared, so they can develop an effective information security plan that meets their organization’s unique needs.
- Employees should be equipped with the proper tools and knowledge to help prevent and respond to a data breach threat. A security-minded workplace culture can be a company’s best defense against a data breach, so employees should undergo data protection trainings while onboarding and regularly throughout the year.
Data breaches are an ever-worsening threat that leaves no industry or business-type untouched. To learn more about the data breach breakdown by industry and what businesses can do to help protect themselves, download our Data Breaches by Industry infographic.