Data losses set to soar, KPMG predicts

By Ron Condon, U.K. Bureau Chief 31 Dec 2008 | SearchSecurity.co.uk

Security UK News Digg This!     StumbleUpon     Del.icio.us

Based on current trends, KPMG says the number of people affected by data loss around the world could soar to 190 million in 2009, compared to 92 million in the previous year, as the credit crunch deepens. The report says the number of people affected by data loss incidents (47.8 million) from August to November were higher than combined incidents in the first eight months of the year -- and 38% higher than the same period in 2007 (34.5 million).

KPMG has been tracking publicly reported data losses since 2005 and records them in its "data loss barometer." The partner in charge, Malcolm Marshall, acknowledged that the figures represent just a fraction of the real extent of the data loss problem, which still goes largely unreported in many countries.

Marshall said he expected the rate of losses to grow in 2009 as finances become tight and criminals start to target individuals who might be persuaded to part with information for cash. "People may be worried about their jobs and finances, so criminals see an opportunity from the economic downturn," he said.

Since 2005, there have been around 1,300 reported incidents of data loss worldwide, with the personal data of more than 350 million people compromised, according to KPMG. In 2008 there were 427 data loss incidents reported, affecting 83 million people globally. Although fewer people were affected than in 2007, well over half of the 2008 victims -- 47.8 million -- suffered loss in the last three months of the year.

Although online shopping is unlikely to be affected by data breaches, as all credit card losses are covered by the Consumer Credit Act, Marshall said the effect on companies themselves can be crippling.

"Once they suffer an incident, their risk appetite goes right down, and they can make dysfunctional decisions in their desire to avoid a second event," he said.

One of the biggest risks comes with sharing information with outsourcing companies and sub-contractors. While he sees no sign of companies bringing in-house major business process contracts, Marshall said that several companies had now opted to dispose of their own IT equipment themselves rather than outsource the process. "There have been incidents of hardware being sold on eBay, so some companies prefer to hire in a team with sledgehammers and make sure the data is properly destroyed."

He said data loss is now a global problem that is set to get worse, adding that even the most secure and comprehensive controls do not provide absolute protection against all conceivable threats.

Marshall suggested a few simple questions that all companies should ask themselves:

• Do you know where your data comes from?
• Where it is stored and how it is used?
• Do you have a clear plan of what to do should you lose your data?

Tags: Data Protection Solutions and Strategy,  Threat and Vulnerability Management,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Data Protection Solutions and Strategy Sourcefire to ignite new offerings for virtualisation security USB drive security project protects endpoints, aids CoCo compliance How to enforce an enterprise data leak prevention policy Companies underestimate Web 2.0, social networking threat, says survey RSA council addresses growing security risks in the cloud Attackers use ATM malware to steal track data, PINs CSA, Jericho Forum unite on cloud computing security message How to create a data classification policy Trust eroding as social engineering attacks climb in 2009, says Kaspersky expert Organizations struggle with data leakage prevention, rights management Threat and Vulnerability Management Web application firewall's value depends on what the effort you put in Firewall rule management best practices Cybercrime attacks, IT outsourcing, mobile malware top ISF threat list Buying botnets: Underground network marks ominous 'milestone' Gartner sees better days ahead for security budgets How to secure the Border Gateway Protocol Coping with top security in a world of deperimeterization Computer misuse cases: Get there before the bad guys IT overhaul results in cheaper, better endpoint security management 2009 Royal Holloway University of London MSc thesis series

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary UK Identity Cards Act  (SearchSecurityUK.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary