InfoWatch, the leading expert company in Russian and European DLP markets, presents Global Research on Data Leaks in 2009. Total number of reported data leaks has continued to grow but slowed down. Possible causes include financial crisis, greater latency, mass implementation of DLP systems.
The study is targeted at security experts and is based upon the leak database maintained by InfoWatch analytical center since 2004. The database includes global data on any leaks reported by media, blogs, web forums, and any other public sources worldwide.
Data leak issue has lost some popularity in the US, but in other countries it has become more critical. In 2009, UK adopted several legislative regulations forcing personal data operators to report any data leak (similar to current US laws). Therefore, number of incident reports from UK has increased in 2009 (125 reports, as compared with 54 in 2008). For example, Russia introduced the personal data law, which stayed a hot public topic throughout the year, therefore the number of data leaks reported in Russia has predictably increased (30 leaks in 2009, as compared to 6 in 2008). No strong statistical dynamics was discovered in any other country.
Average number of personal data records influenced by a leak is 754,000, while some incidents influenced only 1, 2, or 5 personal records. During 2008 this parameter was noticeably lower – approx. 405.000.
Natalya Kaspersky, InfoWatch CEO: “What is the meaning of these figures? Personal data storage becomes more centralized each year. More people join the Internet, more bank cards are issued each year. While small enterprises often choose not to keep personal data of the clients, bigger ones usually do, but their confidentiality level doesn’t increase as fast as their businesses grow, due to the lack of ability, budget, or desire to protect customers’ personal data”.
Percentage of the intentional leaks continues increasing, and this tendency will stay the same in the nearest years. Total majority of the reported leaks in 2009 contain personal. This absolute domination is self-evident: there’s an overwhelming mass of personal data worldwide, and they are in constant use.
Among the major data leak channels are paper hardcopies, mobile computers (laptops, PDAs, etc.) and archived media. InfoWatch analysts believe encryption proves to be an important measure for valuable information protection in the today’s situation of increased loss of physical data carriers, such as laptops or mass-storage devices.
At that InfoWatch analysts warn that electronic protection measures are often overrated by the employees responsible for data security, while traditional (mostly accidental) paper leaks go overlooked, as managerial security procedures are the only efficient way to prevent these leaks.
Full version of the report is available upon request.