Eight Times More Data Breaches Is No Accident – It’s Market Failure


When it comes to data, we are living in an age of abundance. And with data come data breaches, in swathes. What was once a passing nuisance affecting a select few now demands a drastic reconsideration of how we are interconnected in the digital world. In 2024 alone, more than 5.5 billion user accounts were compromised – staggeringly, nearly eight times more than the 730 million breached accounts the year before, per estimates from Surfshark, recently cited by the World Economic Forum.

What really keeps business leaders up at night, however, is the fact that more than a third of all reported data breaches – and a shocking 35.5% in 2023 – were directly caused by third parties. That is far more than just a technical snag – it is a market inefficiency, which, if unnoticed, poses a danger to the very core of a market that is becoming more and more data-dependent.

The Peril of Promiscuous Data Sharing

For a long time, the prevailing wisdom in data collaboration has been to simply broadcast information along open channels. Companies, keen to unlock value, transferred raw files, exporting them to partners or copying them across a variety of vendor landscapes. This conventional practice appears efficient but in fact gives rise to numerous weak points.

As soon as data falls out of the control of the data owner, even if it is encrypted once (and in most cases not followed by further encryption), the security of the data becomes more difficult to track and ensure, resulting in annoying, even devastating third-party attacks. It is like giving the keys to your vault to a trusted courier only to find out their delivery vehicle has more stops than a city bus, with each stop a potential leakage point. The damage to consumer confidence as well as reputational and regulatory costs may be irrevocable.

Data collaboration, when undertaken responsibly, is obviously key to businesses, consumers and society as a whole. A strategic shift towards Privacy Enhancing Technologies (PETs) – a paradigm change in the manner in which we extract the value of data – is today more requirement than option. PETs enable organizations to not just share data, but also to derive important insights and develop complex models without sharing or revealing the base raw data. Several PETs today look very promising:

  • Secure Multi-Party Computation (SMPC): Consider a situation where multiple companies want to determine common customers or common patterns of fraud, but none wants to provide its sensitive list of customers to any of the others. SMPC makes that possible by keeping raw data private and unshared. Insights are gleaned from pooled datasets that are individually opaque.

  • Federated Learning: In this approach, an AI algorithm traverses the data, learning individually from each dataset and sharing model updates with individual datasets, never exposing raw data or moving it from its original location. It works like a skilled scout – silent and highly trained – sent out to collect intelligence at distributed outposts, as opposed to having all the intelligence gathered in one vulnerable location.

  • Homomorphic Encryption: This technological marvel enables computation and analysis on data while it is encrypted, so that the data is unreadable at every stage of processing. Information remains encrypted throughout, which offers an adroit way out of the dilemma between utility and privacy.

  • Trusted Execution Environments (TEEs): These are safe “vaults” within computer chips used to process sensitive data. Data can still be uploaded to a TEE (though it should first be encrypted), which presents a secure, isolated analysis area.
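
The SMPC bullet above, as an added example that is not part of the original article: three hypothetical companies compute joint fraud totals per pattern with additive secret sharing, the simplest SMPC building block. The bank names, pattern names and counts are constructed, and the sketch assumes honest-but-curious parties and private pairwise channels.

```python
import secrets

MODULUS = 2**61 - 1  # public; must be larger than any possible true total
PATTERNS = ["card_testing", "account_takeover"]  # agreed in advance, public

# Constructed sample data: each company's private fraud-case counts.
PRIVATE_COUNTS = {
    "bank_a": {"card_testing": 12, "account_takeover": 3},
    "bank_b": {"card_testing": 7, "account_takeover": 0},
    "bank_c": {"card_testing": 1, "account_takeover": 9},
}

def share(value, n_parties):
    """Split value into n uniformly random shares that sum to it mod MODULUS."""
    shares = [secrets.randbelow(MODULUS) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % MODULUS)
    return shares

def secure_totals(private_counts, patterns=PATTERNS):
    """Return (totals, transcript); transcript holds what each party published."""
    parties = sorted(private_counts)
    totals, transcript = {}, {}
    for pattern in patterns:
        # Round 1: every company splits its own count and sends share j to
        # company j. Any subset of fewer than n shares is uniformly random.
        inbox = {p: [] for p in parties}
        for owner in parties:
            count = private_counts[owner].get(pattern, 0)
            for receiver, s in zip(parties, share(count, len(parties))):
                inbox[receiver].append(s)
        # Round 2: each company publishes only the sum of the shares it holds.
        published = {p: sum(inbox[p]) % MODULUS for p in parties}
        transcript[pattern] = published
        totals[pattern] = sum(published.values()) % MODULUS
    return totals, transcript

if __name__ == "__main__":
    totals, transcript = secure_totals(PRIVATE_COUNTS)
    print("joint totals:", totals)
    print("published partial sums:", transcript)
```

The raw counts never leave their owners; only random-looking shares and partial sums cross company boundaries. If all companies but one collude, they can still subtract their own inputs from the total and recover the remaining company's count.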

Beyond the Code

The use of PETs is gradually becoming nothing short of a strategic necessity – not just to demonstrate firm loyalty to consumers, but also to establish long-term market credibility on data privacy. The key to using PETs is simple: an organization should, at no point, make any raw personal data visible to a third party. That involves reconsidering partnerships and additional inspections of data clean room providers. A number of existing solutions, alarmingly, still involve uploading raw data into a centralized platform where the data is anonymized, inadvertently creating a point of weakness at the vendor level.

To the discerning business leader, there is only one way to go: data anonymization/processing must ideally be done within the premises and under the direct control of the data owner. This must become a direct aspect of risk management going forward.

Read more from the World Economic Forum.
