A Tale of Three Breach Reports

July 30, 2010 - Linda McGlasson

This week a trio of reports came out on data breaches. Talk about information overload! I decided to take a look at these reports to compare commonalities and distinctions.

One of the best and most comprehensive of reports, the annual Verizon Business Data Breach Investigations Report, slams home some really scary statistics for financial services, hospitality and other industries prone to data breaches. Its two top headlines: Organized crime was responsible for 85 percent of all stolen data in 2009. And stolen credentials were the most common way to gain unauthorized access into organizations.

When boiled down to the basics, each of these reports says the same thing: Expect a data breach.

Next, the first annual Cost of Cyber Crime Study by the Ponemon Institute shows the enormous cost that data breaches have on victim organizations. This study doesn't look at types data breaches per se, but rather the costs. Web-borne attacks, malicious code and insiders are the most costly, making up more than 90 percent of all cybercrime costs per organization per year. An average web-based attack costs $143,209; malicious code, $124,083; and malicious insiders, $100,300. The report doesn't paint a rosy picture about the average length of time to resolve a data breach. An incident incurred by a malicious insider, for instance, takes an average of 42 days or more to resolve.

To read the entire article, click here - http://blogs.govinfosecurity.com/posts.php?postID=644&rf=2010-08-02-eg