by Chris Dyer
February 22, 2019
Data breaches have regularly been in the news over the past few years. From the Equifax breach to the Marriott breach – and seemingly every company in-between – it is abundantly clear that data security will grow increasingly complex and critical in the future. Maintaining data security and privacy requires diligent, proactive measures to be taken not only by data handlers, but also by legislators and consumers.
The largest data breach on record occurred in 2013, when all 3 billion accounts on Yahoo’s servers were exposed, including names, birth dates, phone numbers, and passwords. The next year, 500 million Yahoo user accounts were breached. By 2016, data breaches seemed to be a fact of life – with 412 million accounts on the adult dating company Friend Finder Network being compromised. Like clockwork, 2017 saw a major breach of consumer credit reporting agency Equifax’s servers as 146 million user accounts had their data exposed, including social security numbers and some driver’s license numbers. The same breach included 209,000 US credit card numbers. Marriott was the next major breach, in 2018, with the data of 500 million guests – including passport numbers, departure times, mailing addresses, and a range of other data – being compromised.
All told, a report from Risk Based Security claims that a total of 5 billion records were exposed globally in 2018 alone. This number is staggering, but holds a silver lining. The report claims that between 2017 and 2018, the total number of exposed records fell from 7.9 billion to 5 billion – a sign of improvement. Reasons for this reduction, despite the best efforts of hackers, include increased security and encryption by those handling sensitive data, improved awareness among consumers, and tightening legislation.
Every US state has enacted some form of data breach notification legislation, requiring businesses or government agencies to inform individuals when their data has been compromised. However, notification legislation is ineffective at preventing the occurrence of breaches. Instead, such laws are aimed at forbidding companies from failing to mention a breach and from concealing the extent of said breach from the public – as Yahoo did from 2013 until 2017.
A slightly more proactive and effective piece of legislation was put into place in the European Union (EU) in May 2018. The rule, called the General Data Protection Regulation, is designed to protect EU citizens from data and privacy breaches both within the EU and outside of it. It applies to all companies that process the personal data of individuals in the EU, and organizations found to risk the security and privacy of user data or to improperly use that data are subject to fines up to 4% of the company’s annual global turnover (or €20 million, whichever is greater).
The first company to be fined for violating the GDPR was Google, which was fined €50 million by French data regulator CNIL for failing to adequately inform and receive the consent of users regarding tailored ads. However, nearly 60,000 GDPR data breach notifications have been made since the rule came into effect, with only 91 total fines being levied against violators. As a relatively new regulation, it may take time to see more impactful results in the data processing and hosting industry at large. In the meantime, consumers should anticipate further – but hopefully smaller – breaches.
Don’t worry, we have you covered! For additional information and analysis of US industry trends, see Data Processing & Hosting: United States, a report published by the Freedonia Focus Reports division of The Freedonia Group. This report forecasts to 2022 US data processing and hosting service revenues in nominal US dollars. Total revenues are segmented by source in terms of:
Total revenues are segmented by market as follows:
To illustrate historical trends, total demand and the various segments are provided in annual series from 2007 to 2017.
Data processing and hosting services are also referred to as cloud computing and storage services. Cloud data centers operated for captive use are excluded from the scope of this report. US providers’ revenue includes income from all domestic locations primarily engaged in providing infrastructure for hosting or data processing services. Thus, receipts from other activities performed by these locations are included in total revenue. Receipts from establishments that may provide data processing and storage services but are primarily engaged in a different activity are excluded from this report. Revenues from payroll and financial transaction processing services are also excluded from this report.
You can also check out some of our related reports, which include:
Chris Dyer is a Market Research Analyst for Freedonia Focus Reports. He holds a Master of Arts in Security Studies, and his experience as an analyst covers multiple industries.
Provide the following details to subscribe.