Corporate data loss hits highest levels since 2008

Recent incidents of corporate data loss hit the highest levels since 2008 as companies work to improve data security strategies against a greater variety of more sophisticated IT attacks that can pose severe enterprise and reputational risks.

Data loss attacks affected more than one billion people in the last five years and more than 60 percent of those incidents were the result of hacking, says The Data Loss Barometer report from KPMG that analyzed incidents since 2005 across industries, types of data loss and global regions.

According to the report, data loss threats have risen substantially with the use of mobile devices for business purposes and personally identifiable information continues to be the top data loss type.

Industries such as health care and professional services, which maintain the largest databases of personal information, saw 18.5 million people affected by PC theft, which accounted for one-third of all data loss incidents in those sectors for the first half of 2012.

“Hard drives continue to be the number one target for portable media data loss, but we have seen a big increase in incidents around DVDs and CDs, as well,” said Greg Bell, a partner at KPMG LLP. “The volume of company data stored on personal and mobile devices needs to be a major consideration when devising a comprehensive security plan.”

Depending on the type of data loss, an incident can be a major risk to a company’s revenue or reputation. Senior management and boards are now challenged to weigh the threat of exposure according to which data loss could be more impactful to the company and employ security measures as appropriate, according to the report’s findings.

“If a laptop with a formula for a new cancer drug is stolen, it could have the potential for a billion dollar loss to a company’s future revenue; but if a laptop is lost with health records for two million patients, that could be a reputational mark from which they can’t recover,” said Bell. “Executives and boards need to be a part of the discussion around the most effective way to protect this information from all types of loss because it could mean unrecoverable damage to a firm.”

Additional findings in the KPMG report included:

• Government, healthcare, education, financial services and retail comprised the top five worst performing sectors for data loss incidents in the last five years.
• The insurance sector is the most at risk from social engineering and system/human error data loss.
• More than 96 percent of data loss incidents in the media industry were attributed to hacking during the first half of 2012.