With those three incidents alone, there were more than 400 million records exposed. This figure doesn't count the incidents at Home Depot, JPMorgan Chase, Michaels, Neiman Marcus, Orange, American Express, or Community Health Systems.
"Big Data leads to Big Theft," said Dr. Lloyd. "Cyber criminals are savvy about risk vs. reward -- if we make big piles of data, they are willing to put in more effort to get in to take it."
HyTrust's Borovac agrees:
"The primary reason that we're seeing breaches of this magnitude is that data and applications are becoming more concentrated. As organizations consolidate and virtualize data centers, it becomes easier for someone who gets in to get everything."
The fact that consolidation played a role in some of this year's security incidents is important, given that it also plays a role in income-generating business initiatives. Despite the fact that 2014 was a record setting year for data breaches, for most organizations security is still an after-the-fact, bolted-on additive.
"Security professionals at heart have known for over a decade now that security, like all business practices, is ultimately dictated by ROI. Until companies feel that they will lose customers due to security concerns, there is no good business reason to address them with the same attention that they do sales or any other income-generating business infrastructure piece," said Carl Vincent, security consultant at Neohapsis.
But perhaps all is not lost. Again, 2014 could be the turning point for most security programs. If so, things may start to get a bit better, Vincent explained.
"With massive wide scale breaches now coming to light, it is possible that we are now seeing the beginning of an era where the consumer evaluates a company's security posture before choosing to use a service. If that time is upon us, perhaps an era of information security being taken seriously is upon us as well."
Sign up for Computerworld eNewsletters.