Skip to main content

Trustwave: Retail most compromised industry in 2014, with e-commerce assets most targeted


Chicago -- Retail was the most compromised industry in 2014, making up 43% of breach investigations, according to a study by Trustwave that gathered data from 574 breach investigations the company conducted in 2014 across 15 countries. Retail made up 43% of the investigations, followed by food and beverage, which made up 13% of the investigations.

The “2015 Trustwave Global Security Report” found that 64% of the breaches in the retail industry were of e-commerce assets and 27% were of POS assets.

In other findings payment card track data was the most targeted information sought by attackers in 2014 (making up 31% of all cases, up 12% over 2013). Attackers sought either financial credentials or proprietary information in 20% of the cases, down from 45% in 2013, as attackers shifted their focus back to payment card data.

The report confirms that longer passwords are better. “Password1” was still the most commonly used password, and 39% of passwords were eight characters long. The estimated time it took Trustwave security testers to crack an eight-character password was one day. The estimated time it takes to crack a 10-character password is 591 days.

Other highlights of the report include:

• The majority of victims, 81%, did not detect breaches themselves. The report reveals that self-detection leads to quicker containment of a breach. In 2014, for self-detected breaches, a median of 14.5 days elapsed from intrusion to containment. For breaches detected by an external party, a median of 154 days elapsed from intrusion to containment.

• Weak remote access security and weak passwords tied as the vulnerability most exploited by criminals in 2014.

• Half of the compromises Trustwave investigated occurred in the United States (a nine percentage point decrease from 2013).

• The Trustwave Global Security Report is designed to help businesses better understand their cyber enemies and the tactics they are using to launch attacks. Download it here at

This ad will auto-close in 10 seconds