RICHMOND, VA, February 22, 2012 — The global economy may have remained weak in 2011, but criminal efforts to compromise personal information remained strong, according to Risk Based Security, Inc (RBS). The total number of records exposed in 2011 topped 368 million and represents the highest annual lost records total ever recorded. The previous high mark was in 2009 with over 191 million records. Even more alarming is that of all the data breach incidents reported, 33 percent report that the number of records exposed is unknown and thus do not appear in the records total. According to calculations based on breach averages by the Open Security Foundation, the exposed records total of 1,287,334,468, as of December 31, 2011, is potentially understated by as much as thirty percent.
Risk Based Security’s 2011 year-end Data Breach Intelligence report, recently released to customers, shows that four incidents in 2011 have been added to the Top 10 all time ‘records lost’ list. When it comes to lost records, sources external to the organization dominate by accounting for 86.69% of all records lost in 2011. Outside accounted for 60.1% of all lost records during 2010. The average number of lost records per incident for 2011 is 374,156. These statistics firmly dispute the longstanding notion perpetuated by historical CSI / FBI computer crime surveys and the computer industry that more incidents occur as a result of insiders than outsiders.
The RBS Data Breach Intelligence report also revealed that computer-based intrusion (i.e., hacking) was responsible for 33 percent of the 2011 breaches, totaling 305,809,012 records. This represents 83 percent of the total number of exposed records in 2011. “Stolen Laptop”, the number one breach type all time through 2010, has now been replaced at the top spot by hacking.
The latest information and research conducted by Risk Based Security suggests that organizations in all industries need to take note that they face a very real threat from security breaches. Whether it is the constantly increasing security threats, ever-evolving IT technologies, or limited security resources, data breaches and the costs related to response and mitigation are escalating quickly. Organizations today need more timely and accurate analytics in order to better prioritize security spending based on their unique risks.
About the Data Breach Intelligence Report
Data Breach Intelligence is possible through the partnership and combined resources of the Open Security Foundation and Risk Based Security, Inc. It is designed to provide clients with insight into the details behind each reported data breach to better focus their information security and risk management programs. The report includes the results of every day research based on aggregating public media reports, news feeds, blogs, websites, and breach notification letters obtained through Freedom of Information Act (FOIA) requests looking for new data breaches and updates to past breaches. Using diverse public sources helps to provide a more thorough picture of data breach history, and allows for independent validation of the metrics provided.
About Risk Based Security, Inc.
Risk Based Security equips organizations with security intelligence, data breach analytics, risk management services, and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. We provide clear guidance and ensure that organizations are able to implement the right security based on grounded data while making solutions affordable. The security community is no longer hindered by limited data breach metrics and is now able to better focus on the true risks to their organizations. For more information, please visit http://www.riskbasdesecurity.com/ or call 855-RBS-RISK.
