Data breaches in 2016 tracked by Risk Based Security involving US entities far more than organizations on other countries.

According to a report released by the company this month, US orgaizations were involved in 47.5 percent of the incidents and accounted for 68.2 percent of the exposed records.

Globally, there were 4,149 breaches reported during 2016 exposing over 4.2 billion records—some 3.2 billion more records than the previous all-time high exposed in 2013. The top 10 breaches of 2016 alone exposed a combined three-billion records. In December 2016, Yahoo reported the single largest breach ever disclosed, impacting over one-billion records.

The business sector accounted for 51 percent of reported breaches, followed by government (11.7 percent), medical (9.2 percent), and education (4.7 percent). The business sector accounted for 80.9 percent of the number of records exposed.

Hacking accounted for 91.9 percentof the exposed records, while malware accounted for 4.5 percent of the reported breaches but represented only 0.4 percent of the records compromised. Over half of the breaches exposed ten-thousand records or less. One-million or more records were exposed in 2.3 percent of the cases.

Commenting on the concentration of breaches in the US, Dwayne Melancon, vice president of product for Tripwire, said, “The US is a leading world economy—and one of the most connected economies—so it isn’t surprising that nearly half of the world’s data breaches are in the US. A lot of organizations have gone after the quick fixes for information security, but that isn’t sufficient.”

Organizations concerned about breaches will benefit most from basic information security controls that involves knowing what and who are on your network, understanding and managing vulnerabilities, and implementing a diagnostic and monitoring processes, Melancon added.

The Verizon Data Breach Investigations Report states that most breaches could have been prevented through the use of fundamental security controls like those.

“Breach disclosure laws may have something to do with these numbers,” said Tim Erlin, Tripwire’s director of IT security. “It’s worth noting that both China and the Russian Federation, also representing very large economies, had far far fewer reported breaches. They also have far fewer breach disclosure laws.”

The total number of reported breaches that have been tracked by Risk Based Security has exceeded 23,700, exposing over 9.2 billion records.