DATA LOSS BAROMETER. A global insight into lost and stolen information

Transcription

1 DT LOSS BROMETER global insight into lost and stolen information Netherlands 0.5% KPMG s Data Loss Barometer exposes the latest trends and statistics for globally lost and stolen information in Over 82 countries are represented in 2012, with over 96 countries represented over the last five years. Canada 3.25% Japan 1.2% ustralia 1.2% Ireland 0. India 0. Germany 0.5% China 0.5% Great Britain 8.4% kpmg.com U.S. 75% China 1.5% Italy 1. Spain 1.9% la 2% 1

2 CONTENTS KEY FINDINGS SECTION ONE OVERVIEW 2012 DT LOSS TRENDS 2012 SECTOR TRENDS FIVE YER VIEW SECTION TWO CHRTS 2012 DT LOSS TRENDS FIVE YER VIEW GLOBL CHRTS THE METHODOLOGY The Data Loss Barometer analyzes data loss incidents reported around the world since This data is sourced from Risk Based Security September

3 KEY FINDINGS Hacking number one data loss threat Over the past five years, more than one billion people globally have been affected by data loss incidents. In the last two years, there has been a jump of 40% in the number of publicly disclosed data loss incidents. Over the last five years, 60% of all incidents reported were due to Hacking. Insurance sector number one at risk from Social Engineering and System/Human Error In the first half of 2012, the Insurance sector appears to be at greatest risk from Social Engineering attacks and System/ Human Error incidents. Healthcare sector shows significant improvement The Healthcare sector, which previously struggled between 2010 and 2011 with the highest number of data loss incidents has shown dramatic improvement in The percentage of data loss incidents that affected the Healthcare sector has fallen from a high of 25% in 2010, to just in Technology sector number one worst performing sector by number of people affected Over the last five years, the Technology sector, had fewer incidents than the Top Five worst performing sectors (Government, Healthcare, Education, Financial Services, and Retail) however, the percentage of people affected by incidents in that industry remains the highest; accounting for 26% of the total number of people affected. First time in five years that insider threat has decreased and is at an all-time low Surprisingly, for the first time over the last five years, the threat from malicious insiders has dropped from an average from previous years of 25% of total number of incidents, to an all-time low of 6.5% in Conversely, we see a dramatic rise of double the number of incidents from external sources in 2012 from 2010, accounting for 81% of total number of incidents. This could be because the rise in hacking has taken people s eyes off the insider threat KPMG has not seen an improvement in controls to prevent or detect insiders in the period. Overall data loss incidents return to similar levels as 2008 Following a fall in reported incidents in when compared to 2008, the trend has reversed with a higher number of incidents reported in 2011, and total incident numbers in 2012 almost returning to 2008 levels. This could be accounted for by a maturing regulatory environment where incidents are being identified and monitored more thoroughly, but is also likely to be a result of the dramatic increase in the sophistication and variety of attacks we have seen in the last 18 months. 4 5

4 SECTION ONE: OVERVIEW 6 7

5 2012 DT LOSS TRENDS * January June 2012 External data losses RISE 40% vs. previous year, FFECTING 160 MILLION PEOPLE Hackinga continued threat, 6 of total incidents Insurance sector number 1 T RISK from Social Engineering and System/Human Error 3 Data loss incidents involving third parties are more commonplace in the Technology sector Government, Education, Technology & WORST affected sectors for data loss Personally identifiable information remains 1 the number data loss type 8 9

6 2012 SECTOR TRENDS 1 Over 96% of data loss incidents in Media were attributed to Hacking in the first half of Government has maintained relatively flat rates of data loss incident numbers since 2008, ranking either number one or number two as overall worst performing sector by total number of incidents over the last five years. 2 Insurance sector number one at risk from Social Engineering and System/Human error in the first half of % of data loss incidents in Retail were attributed to Hacking in the first half of Financial services have seen an 80% reduction in data loss by number of incidents in the last five years, but is still the fifth worst performing sector in the first half of million people have been affected by 6 PC theft. It represents around 1/3 of all data loss incidents in the Healthcare and Professional Services sectors in the first half of

7 YER VIEW J F M M S O J J N D J F M M S O J J N D J F M M S O J J N D J F M M S O J J N D J F M M S O J J N D Total number of incidents show Technology, Financial services, Retail and Media as the worst performing sectors Hard Drive number one portable media incident, but a growth in DVD/CD incidents 681 million records/people affected by Hacking as number one cause of data loss Healthcare sector shows a sharp drop in the number of breaches in

8 SECTION TWO: CHRTS 14 15

9 2012 DT LOSS TRENDS * January June 2012 By sector: number of incidents as a percentage of total for 2012 Other business sectors 21. Law 2.5% Data services 0.4% Insurance 1.2% Financial services 3.2% Not for profit 3. Professional services 5.2% Healthcare 7.9% Media 8.3% By cause: number of incidents as a percentage of total for 2012 By sector: number of incidents as a percentage where a third-party was involved for 2012 Retail 8.3% Technology 8.6% Improper disposal 2% Portable media theft/loss 1% Human/system error 4% Web/network exposure 4.6% Media 2% Not for profit 3% Law 2% Organization 1% Insurance 3% Organization 1% Ind. Markets 2% Data Services 2% Other business sectors 12% Education 12.6% Government 16.4% Unknown 3% PC theft 4. Hard copy theft/loss Hacking 67.2% Malware 1.4% Fraud/social engineering Financial services 9% % 17 Healthcare 13% Education 12% Professional services 14% Government 6% Retail 3% Technology 1

10 Cause of data loss vs. Industry: number of incidents as a percentage of total for 2012 (January June) Government Healthcare Education Financial services Retail 14% 62% 10% 2 1 6% 6% 69% 35% 12% 76% 14% 30% Professional services Technology Insurance Media 9% 32% 33% 11% 11% 13% 13% 74% 1 25% 9 Organization Not for profit Law firms Industrial markets Other business sectors 3 6% 11% 9% 75% 63% 63% 64% 94% Hacking Human/system error Malware Hard copy loss/theft PC theft Web/network exposure PC loss Unknown Portable media Fraud/social engineering Improper disposal 18 19

11 FIVE YER VIEW By sector: number of records/people affected as a percentage of total since 2008 (to June 2012) By cause of data loss: number of records/ people affected since 2008 (to June 2012) 100% 90% 80% By cause: number of external incidents as a percentage of total five year trend 70% 60% 50% Insider malicious 40% 30% External 20% 10% 0% Insider accidental Insider unknown Data services 14.2% Other business sectors 1.1% Fraud/social engineering 16% Unknown 3. By sector (Worst five): number of incidents as a percentage of total five year trend 30% 25% Not for Profit 0. Media 12.5% Industrial markets 1.5% Organization 2% Web/network exposure 10.4% Human/system error 0. Government Financial services Education Healthcare Retail 20% 15% 10% 5% 0% Technology 23.6% Insurance 1.3% Hacking 65% Professional services 0. 50% 45% 40% 35% 30% 25% 20% 15% 10% 5% 0% By portable media: number of portable media incidents as a percentage of total five year trend Hard drive USB memory Tape Other Healthcare 3.2% Retail 13. Financial services 14. Education 5.4% Government 5.2% PC Loss 0. Improper disposal 0.1% PC Theft 1% Portable media theft/loss Hard copy theft or loss 0. DVD/CD Mobile device 20 21

12 GLOBL CHRTS By country: number of incidents as a percentage of total - five year trend 12 6 Other 24.5% Other 8.1% 100% Netherlands 0.5% Germany 0.5% China 0.5% Canada 3.25% India 0. Ireland 0. ustralia 1.2% Japan 1.2% 2 By country: number of incidents as a percentage of total for 2012 (January - June) 80% Great Britain 8.4% 1 By country: number of incidents as a percentage of total since 2008 (to June 2012) 60% 40% 80.3% 81.5% 83.4% % 20% 0% U.S. 75% China 1.5% Italy 1. Spain 1.9% Venezuela 2% ustralia 2% India 2.1% Netherlands 2.2% Canada 4.2% U.K. 10.1% U.S % U.S.. Great Britain Canada China Germany ustralia Ireland India Japan Netherlands Other 22 23

13 KPMG Contacts and cknowledgements Contact Us Malcom Marshall Global Partner, Information Protection and Business Resilience Stephen Bonner Partner, Financial Services, Information Protection and Business Resilience Charlie Hosner Partner, Corporates, Information Protection and Business Resilience We would like to thank all of our contributors to the survey, in particular members of the project and editorial team: Bona Boraliu Lisa Mitchell Charmaine Servado Martin Tyley This will be the final edition of KPMG s Data Loss Barometer. In future we will be publishing KPMG s Cyber Vulnerability Index bi-annually; the first edition was published in July For more information visit The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. lthough we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation KPMG International Cooperative ( KPMG International ), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. ll rights reserved. Printed in U.K. The KPMG name, logo and cutting through complexity are registered trademarks or trademarks of KPMG International. RR Donnelley I RRD I November 2012 I Printed on recycled material.