If you had to guess how many individual customer records were breached around the globe in 2016 what would you estimate? It was a big year for cyber attacks, but Forrester’s report puts in in a staggeringly large context: Approximately one billion records were compromised in the past year.

That’s around three accounts for each US citizen, and it means one thing: Cybersecurity efforts are lagging behind. If the tech industry is going to win the security arms race, Forrester argues, there are some key lessons it needs to take away from 2016’s constant attacks and breaches.

Who has the issue?

95 percent of breached records came from three industries in 2016: Government, retail, and technology. The reason isn’t necessarily because those industries are less diligent in their protection of customer records. They’re just very popular targets because of the high level of personal identifying information contained in their records.

SEE: Yahoo confirms 500M accounts leaked in massive data breach (TechRepublic)

Healthcare records weren’t in the top three, but they’re still a hot target because of all the data they contain as well. Health insurance company Anthem suffered a breach that affected 80 million people in 2015, and the data that hackers gain can be used to commit medicare fraud and other insurance abuses.

The common theme

Forrester reports on five industries, and the takeaways definitely show a trend: Companies aren’t planning for all possible intrusion contingencies. Whether it’s a problem of “It won’t happen to me,” a lack of budget, or complacency with outdated policy isn’t the concern. Breaches keep happening and they’re happening in large part because of poor security planning.

Wells Fargo’s fake account creation scandal is used as an example of poor security planning that doesn’t require outside actors to have an effect: Those fake accounts were created for real customers because employees had far more access to customer records than they needed.

SEE: The 18 most frightening data breaches (TechRepublic)

The Mexican government’s leak of 93 million voter registrations happened regardless of outside actors as well: The database was simply hosted on a server that was fully accessible to the public. With proper policies in place this kind of leak never would have happened.

Humans: The weak link in data security

At the end of the day, Forrester says, it’s up to business leaders like CXOs to create a culture where security is part of everything an organization does. Now is the time to fully assess weak points, current strategies, unplanned-for contingencies, and human error potential before something serious happens.

Proper planning, auditing, and policy along with a culture that values data security is the only way out of the current morass of vulnerability the world finds itself in. We may be living in the information age but our social consciousness of security hasn’t yet caught up.

The 3 big takeaways for TechRepublic readers

  1. Around one billion accounts and records were compromised worldwide in 2016. That’s roughly three for every American citizen.
  2. The common theme across industries is a lack of emphasis on security practices and cultures that don’t emphasize customer security as paramount.
  3. We need to collectively rethink how we approach security in the modern age in order to succeed: Start planning for every possible contingency, demand regular audits, and work to reshape the culture around security.

Also see