Data Privacy Regulations

Data Breaches You Never Hear About: The Unreported

August 29, 2017
#analysis, #stats

You only have to glance at a news site or scan your social media page to realize that hundreds of data breaches are documented each year. But consider this: The breaches you read about and hear about represent just the tip of the iceberg.

Organizations across the globe are experiencing data breaches that seem to fly under the radar. Some are simply unreported breaches, seemingly too small to make the news others are yet to be found. Some may not technically qualify as breaches because they don’t include personally identifiable information (PII).

"OTA [Online Trust Alliance] concluded there were about 82,000 cyber incidents in 2016, affecting 225 organizations around the world each day. However, given that the majority of cyber incidents go unreported, it believes the actual number of annual events could exceed 250,000."

Kelly Sheridan, Data Breaches Exposed 4.2 Billion Records In 2016,, 1/25/2017

Organizations might feel they are safe from cyber attackers because their business is too small or because they don’t store customer data. However, that’s definitely not the case. Nearly half of all cyber attacks target small- to medium-sized businesses that house multiple types of sensitive data.

Unreported & Small-Scale Breaches

Most of the data breaches that make the news headlines involve large national companies; however, smaller-scale breaches of local companies are much more frequent. So why don’t you don’t hear about them as often? The truth is that numerous data breaches go undetected, while others are deliberately unreported.

Approximately 43% of cyber attacks target small businesses, according to Symantec’s 2016 Internet Security Threat Report. And these types of attacks spell bad news: The same report revealed that around 6 in 10 small companies go out of businesses within 6 months of a cyber attack, according to IBM.

Breaches Not Involving Customer Data

Many data breaches do not involve PII or consumer data and are therefore less likely to be reported. Instead, they involve corporate information that is considered sensitive data. This information is compromised by cyber attackers targeting corporations or smaller businesses in an effort to gather three main types of proprietary information:

  • Competitive Information: pricing, intellectual property, and bidding information
  • Operational Information: critical information pertaining to the day-to-day operations of a company
  • Private Conversations: communications about acquisitions, strategy, potential mergers, etc.

Don’t Fall Victim to Data Breaches

Cyber attackers target businesses of all sizes and go after various types of data. Though corporate leaks may not always make the news or even be reported, these types of attacks and data breaches can be catastrophic for small- to medium-sized businesses. It is imperative that companies have a proactive plan in place, for both preventing and responding to a potential data breach. Taking these types of precautions can save countless amounts of money, time, and heartache.

CSR Readinesss®, CSR Readiness® Pro and Legal Readiness® can help your organization prevent a data breach. The risk can be mitigated.


Privacy Prime
  • 22 Jan 2018

    Meticulous Equifax Timeline

    Data Breach timeline for Equifax's 2017 Data Breach. One of the most significant data breaches to date.

  • 22 Jan 2018

    2017 Year End Review

    Every year breaches are becoming more prevalent and have a much higher impact then years prior. Take a look at some of the breach reports that it made it on our list.