Data losses set to soar, KPMG predicts

By Ron Condon, U.K. Bureau Chief 31 Dec 2008 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

Based on current trends, KPMG says the number of people affected by data loss around the world could soar to 190 million in 2009, compared to 92 million in the previous year, as the credit crunch deepens. The report says the number of people affected by data loss incidents (47.8 million) from August to November were higher than combined incidents in the first eight months of the year -- and 38% higher than the same period in 2007 (34.5 million).

KPMG has been tracking publicly reported data losses since 2005 and records them in its "data loss barometer." The partner in charge, Malcolm Marshall, acknowledged that the figures represent just a fraction of the real extent of the data loss problem, which still goes largely unreported in many countries.

Marshall said he expected the rate of losses to grow in 2009 as finances become tight and criminals start to target individuals who might be persuaded to part with information for cash. "People may be worried about their jobs and finances, so criminals see an opportunity from the economic downturn," he said.

Since 2005, there have been around 1,300 reported incidents of data loss worldwide, with the personal data of more than 350 million people compromised, according to KPMG. In 2008 there were 427 data loss incidents reported, affecting 83 million people globally. Although fewer people were affected than in 2007, well over half of the 2008 victims -- 47.8 million -- suffered loss in the last three months of the year.

Although online shopping is unlikely to be affected by data breaches, as all credit card losses are covered by the Consumer Credit Act, Marshall said the effect on companies themselves can be crippling.

"Once they suffer an incident, their risk appetite goes right down, and they can make dysfunctional decisions in their desire to avoid a second event," he said.

One of the biggest risks comes with sharing information with outsourcing companies and sub-contractors. While he sees no sign of companies bringing in-house major business process contracts, Marshall said that several companies had now opted to dispose of their own IT equipment themselves rather than outsource the process. "There have been incidents of hardware being sold on eBay, so some companies prefer to hire in a team with sledgehammers and make sure the data is properly destroyed."

He said data loss is now a global problem that is set to get worse, adding that even the most secure and comprehensive controls do not provide absolute protection against all conceivable threats.

Marshall suggested a few simple questions that all companies should ask themselves:

• Do you know where your data comes from?
• Where it is stored and how it is used?
• Do you have a clear plan of what to do should you lose your data?

Tags: Data Protection Solutions and Strategy,  Threat and Vulnerability Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Protection Solutions and Strategy Enterprise data management: Prevent data loss and insider threats NSA, cryptoexperts jab at RSA Conference 2010 Cryptographers' Panel Make PCI DSS compliance easier by reducing scope, outsourcing data Data Protection Act fines likely limited, audit powers may expand Websense integrated security system aims to simplify security management Full disk encryption: Safer and easier than file and folder encryption No major PCI DSS revision expected in 2010 Data breach costs continue to rise in 2009, Ponemon study finds Chinese hacker attacks target Google Gmail accounts, top tech firms Annual security reports offer some hope Threat and Vulnerability Management Considering two-factor authentication? Do cost, risk analysis Clientless SSL VPN vulnerability and Web browser protection Microsoft's Charney details new botnet protection, IdM technology at RSA Look into SIEM services to cut costs, comply with PCI DSS, HIPAA Cloud security issues, targeted attacks to be hot-button topics at RSA Zeus Trojan continues reign infecting 74,000 PCs in global botnet How to use Google Webmaster tools to help protect your site New Community Security Policy aims to reduce computer misuse The value of booting from a VHD in Windows 7 What to do with network penetration test results

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary