By: Kelly White, Founder, RiskRecon by Mastercard

A Lesson from 14,413 Breach Events

What regions of the world have the lowest rates of breach events? Which ones have the highest? This could be an important factor in deciding where to allow third-party providers to host your systems and data. On the surface, one could reasonably conclude that the countries with the most advanced cybersecurity and the greatest degree of related regulation would have the lowest rates.

Fortunately, here at RiskRecon, we are well positioned to bring together the facts necessary to answer this question. As part of our cybersecurity ratings services, we closely monitor material publicly reported cybersecurity breach events. From 2012 to 2023, across a closely monitored population of 150,000 companies, we have cataloged and analyzed 14,413 material, publicly reported breach events.

Going into this, I expected to see cybersecurity-advanced regions, such as Western Europe and North America, at the lower end of the breach event rate scale. And I guessed that regions such as South and Central America would top the charts. That proved completely wrong. Check out the data.

Figure: Percent of Monitored Companies Reporting a Breach

As it turns out, the regions of South America, Central America, and Eastern Europe, contrary to my predictions, have the lowest rates of publicly reported breach events. North America tips the other end of the scale, with six percent of companies publicly reporting a breach since 2012. What gives?

After staring at the data for a bit, I put a regulatory lens on top of it. Four of the five regions with the highest levels of cybersecurity and privacy regulation, the regions I expected to perform best, were at the top end of the breach rates.

Figure: Companies Reporting a Breach by Geography

The lesson here? Well, one is that if you want to have confidence that your vendors will notify you of breach events, you would be well served to engage with vendors operating in highly regulated countries. At a minimum, regardless of your contracts, you should consider your vendor’s operating regions in your risk model.
