Businesses operating in the technology field have leaked consumers’ data more than most other industries.
This is the shock finding from NordPass research, which shows that almost 780 technology companies have suffered data breaches during which various consumer data (such as email addresses, passwords, and usernames) was leaked since late 2019. This places the technology industry in second position among sectors with most client data leaks.
For this study, NordPass partnered with independent third-party researchers who investigated which companies in the technology and other industries in terms of their size, type (such as whether private, non-profit etc), and origin are failing to secure consumers’ data the most.
Other industries failing with clients’ data
Researchers found that entertainment companies are the worst in ensuring clients’ data. However, technology companies are also not much better, with this industry having experienced similarly many cybersecurity incidents and revealing clients’ data as a result.
Firms operating in retail, business services, and the education fields are also responsible for a significant portion of consumers’ data leaks worldwide.
Most affected countries
Of technology companies worldwide that are responsible for exposing clients’ data to hackers, almost a third are based in the US. With US companies leading the list, India and the United Kingdom follow with around 75 and 45 businesses respectively.
Among the countries in the European Union (EU), technology companies in France and Belgium have experienced most cyber incidents, which led to customers’ data leaks. However, the total numbers of victim companies there are lower.
According to Tomas Smalakys, chief technology officer of NordPass, these results could be associated with the General Data Protection Regulation (GDPR), which obliges companies in the EU, Liechtenstein, Norway, and Iceland to handle clients’ data more responsibly.
“In a constantly challenged cyber environment, businesses no longer have the luxury to store consumer data in plain text on Excel or otherwise neglect basic cybersecurity practices. To avoid financial and reputational risks, companies should consider it their personal duty to ensure clients’ data is secured against online threats, even if the legislation is not there yet,” says Smalakys.
Private companies are the number one target
In terms of organisation’s type, private businesses in the technology field were of most interest to hackers. Based on the study, they make up 62% of organizations that had their clients’ data stolen. Less so, cybercriminals have also targeted public companies (9%), solopreneur businesses (6%), and other types of organisations.
Researchers have also concluded that smaller companies are more likely to experience a data breach and lose clients’ data as a result. In the technology industry, companies with up to 50 employees had their clients’ data compromised the most.
How to secure clients’ data?
Despite intensifying cyber risks, many technology businesses, especially smaller ones, lack awareness on why they should and how they should secure clients’ data.
Setting up a cyber resilience plan and organizing employee training could be a good start, says Smalakys. Additionally, companies should consider network security solutions, such as business VPNs, that restrict unauthorised access to computing systems. They have proved to be an effective solution against malware and other malicious attacks.
Password management is another field to improve, says Smalakys. While many cybersecurity incidents happen simply due to compromised credentials, even the world’s biggest companies do not abandon poor password management practices, reveals an earlier study by NordPass.
Up to 32% of their passwords contain a direct reference to the company, which is a gift to hackers.
To address this issue, Smalakys recommends adopting password managers, which allow people within the organisation to store, manage, and share passkeys in an end-to-end encrypted space. In addition, companies can try out passkeys, the new alternative method of online authentication, currently considered the most secure alternative to passwords.
Progressive companies, such as Google, Microsoft, Apple, PayPal, and KAYAK, already allow account access with passkeys.