Data loss incidents rise as reporting improves
The third annual study by the Ponemon Institute and PGP Corporation has found that 70 per cent of UK organisations have been hit by at least one data breach incident within the last 12 months, up from 60 per cent in 2007/2008. Of these breaches, 43 per cent were publicly announced; there was no legal requirement to disclose the other incidents.
The number of firms experiencing multiple breaches was also up, with 12 per cent of respondents admitting to more than five data loss incidents in the same period - up from 3 per cent.
The public sector experienced the highest number of data loss incidents in the last year, reporting an average of 4.48 breaches-per-organisation (bpo). Financial services firms were the next most likely to suffer data loss, with an average of 3.11 incidents per year, followed by the education sector (2.74bpo), healthcare and pharmaceutical firms (2.65bpo) and the professional services industry (2.52bpo). Faring better were the entertainment, media, and defence sectors, none of which reported any data breaches.
Those organisations experiencing the highest number of data loss incidents were the least likely to have introduced a consistently enforced, company-wide strategy governing the use of data encryption technologies. Of the firms reporting more than five loss incidents, none had any kind of encryption strategy in place. One third of those companies reporting no data loss incident, by contrast, had instigated an enterprise-wide encryption policy, with a further 36 per cent having introduced a partial strategy to protect certain applications, departmental activities or data types (e.g., credit card numbers).
Of the regulations currently impacting firms’ approaches to data encryption, the EU Privacy Directive was considered the most influential, followed by Payment Card Industry (PCI DSS) requirements and then the UK Data Protection Directive. Only 10 per cent singled out the Information Commissioner’s Office (ICO) as the most influential regulator impacting data encryption.
A January 2009 study, also conducted by the Ponemon Institute, found that the average data breach cost the research sample a total of £1.7m, the equivalent of £60 for every compromised record cited.