Study confirms companies with poor privacy practices are more likely to suffer data breach

Posted on Jul 24, 2020 by Caleb Chen

A new whitepaper by Osana confirms what many of us already suspected: that companies with poor privacy practices are 80% more likely to suffer a data breach. To back up the intuitive conclusion that companies with poorer privacy practices are more likely to suffer a data breach, Osana first started by assigning a privacy score to over 11,000 companies and organizations. These aren’t just random companies, they are a representative set of the 11,000 most visible companies across industries based on website ranking.

The companies and organizations were given a score of up to 850 based on 163 different factors. According to the Privacy Breach Link whitepaper, the factors focused on some key areas:

“Factors included policies about selling data to (or sharing it with) third parties, use of data for targeted advertising, end user privacy policies that can be easily found and understood by the average person, and whether data on children under the age of 13 was collected among other factors.”

Osana then evaluated whether these companies have had a data breach in the last fifteen years. With this base dataset, Osana was able to show the correlation between privacy practices and both frequency and severity of data breaches.

Poor privacy practices lead to data breaches

Of the 11,000+ companies and organizations included in Osana’s data privacy study, about 2.77% have suffered a data breach. If you’re interested in checking out the privacy scores of your favorite top website, you can use Osana’s Privacy Monitor website to see the scores. A few interesting tidbits that the study revealed include the fact that .edu and .gov websites are targeted about 27% more often. Another solid conclusion is that the more third parties that a company or organization shares user data with, the more likely a data breach is to occur. In fact, third parties were responsible for ⅔ of all surveyed data breaches because the average company shares data with hundreds of third parties.

Even without third parties involved, data breaches can still happen. Osano CEO Arlo Gilbert commented to CPO Magazine about the increased likelihood of data breaches at companies with poor privacy practices:

“We’re seeing this premise play out in events happening today. Last Wednesday, Twitter suffered a breach that exposed 130 accounts, and perpetrators downloaded personal data from eight accounts, which could now trigger CCPA regulations. Twitter has a Very Poor Osano Privacy Score, so the breach shouldn’t be surprising.”

The fact that most of the recognizable brand names in the world have such a large attack vector for data breaches shows failings in employee training and other company wide security practices. Privacy needs to be baked in by design – this entails everything from being hypervigilant about restricting data flow to third parties to designing features to be privacy conscious. We are now better able to quantify exactly how detrimental it can be to a company if they don’t respect privacy – and hopefully this causes better privacy practices across the board.