Most information security professionals argue over this question, but, usually agree that even if our government establishes a single data breach list requiring mandatory public reporting, a true measurement of data breach activity may always be a point of serious debate.
With this level of potential ambiguity facing information security managers in organizations, and rather than trying to focus on a question without a clear answer, we recommend that they read/review the recently released 2009 Identity Theft Resource Center® (ITRC) Breach Report.
The ITRC report used percentages to analyze the 498 breaches recorded this year looking for any changes or new trends and includes at least the following main highlights:
- paper breaches account for nearly 26% of known breaches (an increase of 46% over 2008)
- business sector climbed from 21% to 41% between 2006 to 2009, the worst sector performance by far
- malicious attacks have surpassed human error for the first time in three years
- Out of 498 breaches, only six reported that they had either encryption or other strong security features protecting the exposed data
We hope you find this information valuable in helping your information security managers plan and implement an effective corporate security and compliance program for their organization.
Click here to read more about this report.