 "Cos Spent Over $500 Mn On Damage Control Following Info Leaks In 2011")
InfoWatch, the IT security company, revealed that in 2011, having compromised 223 million records, organisations spent more than $500 million on damage control following information leaks.
The InfoWatch group of companies is founded and headed by Natalya Kaspersky, the co-founder of Kaspersky Lab. Their annual analytical study of data leaks is based on a database that has been maintained by InfoWatch experts since 2004. The database contains incidents of confidential data leaks released to the mass media, blogs, and other open sources. Considering the privacy of information security, and an established unwillingness by organisations to publicly release incidents, far from every incident becomes public property. The real number of leaks far exceeds the number of published leaks. Remote computer attacks, as well as any incident involving information systems (such as DDOS, phishing, etc.) are not included in this report.
Throughout the investigated period, 801 incidents involving confidential data leaks were reported, an increase of 1 percent from the previous year. The proportion of accidental and intentional leaks was almost equal – 43 percent and 42 percent.
Commercial enterprises were, as before, most typical sources of confidential information leaks, at 45 percent. However, when compared to the previous year, their proportion decreased by 25 percent. InfoWatch Analytics connect this to businesses’ increased awareness of security in their organisations’ data flow. This lead to a growth in the proportion in leaks at government organisations (to 31 percent) and non-commercial organisations (to 20 percent), in which accidental leaks are the most common.
The lion’s share of all incidents of data leaks involves personal data (92.4 percent). A large number of personal data leaks occur as a consequence of improper disposal of paper documents (this distribution channel accounts for 19.1 percent of incidents), or loss or theft of devices (laptops, flash drives, backup copies). As before, confidential information leaks through the Internet (webmail, chat, and publication of databases in open access account for 21.7 percent of all leak incidents), and through email (10.1 percent).
UK, USA and Canada are once again at the head the palm for the number of leaks, as well as for the number of leaks per capita. For the most part, this is connected to the lawmakers of these countries, and well as an active interest in the mass media regarding corporate security and protection of personal data.