Infographic: Is Security Spending Proportional to the Data Breach Problem?



Einstein famously defined insanity as "doing the same thing over and over again and expecting different results." So why do companies continue to follow the same archaic security strategies while data breaches are at an all-time high?

We decided to take a closer look at this issue and did some research to compare data breach trends with security technology spending. What did we find? Companies continue to invest heavily in network and device security while allocating just 1% of their security budgets toward protecting cyber criminals' top target: data. In fact, a recent Impact Report from 451 Research sums this point up nicely:

"… it's better to focus scarce resources on securing the data itself rather than spending ever-higher sums erecting tighter boundaries around it. The logic is sound: despite the billions of dollars spent each year on perimeter and endpoint security, the bad guys keep finding new ways in, and the data breach parade rolls on without a hiccup."

This interactive infographic shows security spending and data breach trends over the past five years - click an orb to launch a whole year's worth of threats and get a breakdown of how companies invested in security as well as the top breaches and threats for that year.

Click to View Fullscreen

Number of Data Breaches Per Year

YearNumber of Data Breaches
2010761
2011855
2012621
20131367
20142122

Source: Verizon Data Breach Investigations Report, 2011-2015

Number of Records Exposed by Data Breaches, Per Year

YearNumber of Records Exposed
20103.8 million
2011174 million
201244 million
2013822 million
2014700 million

Source: Verizon Data Breach Investigations Report, 2011-2015; 2013 total from RBS

Top Threat Actions by Year

YearThreat Actions
2010Physical Tampering, Spyware, Data-exporting Malware
2011Brute Force, Spyware, Use of Stolen Credentials
2012Spyware, Backdoor Exploitation, Use of Stolen Credentials
2013Use of Stolen Credentials, Data-exporting Malware, Phishing
2014Use of Stolen Credentials, RAM-scaping Malware, Spyware

Source: Verizon Data Breach Investigations Report, 2011-2015

Top 5 Data Breaches by Year, By Records Exposed

YearData Breach and Number of Records Exposed
2010
  1. ECMC: 3.3 million records
  2. JP Morgan Chase: 2.6 million records
  3. Betfair: 2.3 million records
  4. NYC Health & Hospitals Corp: 1.7 million records
  5. Gawker.com: 1.5 million records
2011
  1. Sony Playstation Network: 77 million records
  2. Steam: 35 million records
  3. Tianya: 28 million records
  4. Sony Online Entertainment: 24.6 million records
  5. Nexon Korea Corporation: 13.2 million records
2012
  1. Court Ventures: 200 million records
  2. Zappos: 24 million records
  3. Blizzard: 14 million records
  4. Apple: 12.4 million records
  5. Greek Government: 9 million records
2013
  1. Target: 70 million records
  2. Evernote: 50 million records
  3. Living Social: 50 million records
  4. Adobe: 36 million records
  5. Yahoo Japan: 22 million records
2014
  1. Sony: 100 terabytes
  2. eBay: 145 million records
  3. JPMC: 76 million records
  4. Home Depot: 56 million records
  5. Korea Credit Bureau: 27 million records

Source: Information is Beautiful

Annual Security Technology Spending Breakdown

YearSecurity Spending by Technology Layer
2010
  • Network Security: $16,190,720,000 (43%)
  • Database Security: $7,153,400,000 (19%)
  • Application Security: $5,059,600,000 (14%)
  • Endpoint Security/Antivirus: $5,059,600,000 (14%)
  • Identity Management: $3,541,720,000 (9%)
  • Data Protection: $436,000,000 (1%)
  • Total Annual Security Technology Spend: $37,441,040,000
2011
  • Network Security: $17,222,400,000 (39%)
  • Database Security: $9,301,360,000 (21%)
  • Application Security: $6,314,880,000 (14%)
  • Endpoint Security/Antivirus: $6,314,880,000 (14%)
  • Identity Management: $4,592,640,000 (10%)
  • Data Protection: $458,000,000 (1%)
  • Total Annual Security Technology Spend: $44,204,160,000
2012
  • Network Security: $19,667,200,000 (43%)
  • Database Security: $9,352,600,000 (20%)
  • Application Security: $6,760,600,000 (15%)
  • Endpoint Security/Antivirus: $6,146,000,000 (13%)
  • Identity Management: $3,687,600,000 (8%)
  • Data Protection: $481,000,000 (1%)
  • Total Annual Security Technology Spend: $46,095,000,000
2013
  • Network Security: $19,771,800,000 (39%)
  • Database Security: $10,649,020,000 (21%)
  • Application Security: $7,908,720,000 (16%)
  • Endpoint Security/Antivirus: 5,931,540,000 (12%)
  • Identity Management: $5,272,480,000 (11%)
  • Data Protection: $555,000,000 (1%)
  • Total Annual Security Technology Spend: $50,088,560,000
2014
  • Network Security: $20,631,180,000 (37%)
  • Database Security: $8,587,460,000 (15%)
  • Application Security: $8,537,040,000 (15%)
  • Endpoint Security/Antivirus: $9,959,880,000 (18%)
  • Identity Management: $7,114,200,000 (13%)
  • Data Protection: $661,000,000 (1%)
  • Total Annual Security Technology Spend: $55,490,760,000

Sources:
Total Annual Security Spending Figures from Gartner Forecast: Information Security, Worldwide, 2010-2018
By-Layer Security Spending Percentages from Forrester Research, Content Security Predictions: 2011 and Beyond, Content Security: 2012 Budget and Planning Guide, Understand The State Of Network Security: 2012 To 2013, Understand The State Of Data Security And Privacy: 2013 To 2014, Understand The State Of Data Security And Privacy: 2014 To 2015

Nate Lord

WHITEPAPERS

Data Protection Vendor Evaluation Toolkit