Data breaches are in the news all the time these days. Whether it’s the loss of credit and debit card information from a retailer like Target or personal and health care information from a health insurance company, there’s a steady drumbeat of stories about data being lost to attackers.

But the stories don’t tell you what happens to the data after it’s stolen. And the news doesn’t necessarily give a full picture. Do outside attackers really account for the majority of data breaches?

Continuing in our tradition of deep research to understand threats and trends, we are proud to release a new research paper that provides one of the most comprehensive analyses of data breaches ever: “Follow the Data: Dissecting Data Breaches and Debunking Myths.”

In this paper, Numaan Huq of the Forward-Looking Threat Research (FTR) Team has taken 10 years of information on data breaches in the United States from the California-based Privacy Rights Clearinghouse (PRC) (from 2005 through 2015) and subjected it to detailed analysis to better understand the real story behind data breaches and their trends.

Some of the information in the report confirms what people know (or think they know). For instance, credit and debit card data breach incidents have increased 169% in the past five years. However, some of the information is also surprising. For example, credit and debit card, bank account, and personally identifiable information (PII) have all plateaued or are dropping due to oversupply in terms of prices on the underground marketplace, while the value of compromised Uber, PayPal and online poker accounts are rising.

But the analysis goes even deeper. Using a Bayesian network to model commonly observed data breach scenarios, Huq identifies a number of deeper trends such as:

Hacking or malware attacks account for the single greatest cause of data loss with portable device loss at a close second

PII is the data most likely stolen with financial data second

Credentials are not the most commonly stolen data, but the most likely data to lead to additional types of data loss

In fact, this report provides a thorough analysis to help people understand the most likely additional data to be lost in a data breach incident.

In addition, this report also contains an addendum report “Follow the Data: Analyzing Breaches by Industry” that goes into even more detail on an industry-by-industry basis for the following industries:

Healthcare

Government

Retail

Financial

Education

This report then provides detailed information on what happens to the data once stolen, outlining the latest trends in Deep Web market places for stolen data and supplementing our other work around the cybercrime underground economy in the Deep Web.

The report brings its analysis to a close by correlating trends with industry best practices for defense using the “Critical Security Controls” maintained by the Center for Internet Security (CIS) so that to administrators can assess their current security controls for breach defense based on empirical data from the report. Finally the report discusses the state of data breach legislation in the United States.

Taken as a whole, this report and it’s addendum provides one of if not the most comprehensive analyses of data breaches undertaken yet in the industry. It’s something that should be useful for everyone to understand not just what’s happened over the past 10 years but what can happen in the future and how best to defend and protect against it.

Please add your thoughts in the comments below or follow me on Twitter; @ChristopherBudd.