Study Says Data Breaches On The Rise

from the if-it-hasn't-happened-to-you,-it-will dept

Thu, Feb 5th 2009 5:32pm — Carlo Longino

It's hardly surprising to hear that a new study claims that data breaches are on the rise, with the number of incidents picking up steam in 2008. Sadly, news of "the biggest ever data leak" seems to have become a regular occurrence, and is seen just as part of the normal course of business these days. Part of the problem is that the penalties companies pay for the leaks don't ever amount to much, what with toothless punishment from regulatory bodies and relatively small fines. Most companies just offer some free credit-report monitoring to those affected, maybe have a "special" sale, and move on. While other studies say the cost of breaches is rising, it's still low enough that, apparently, it's an acceptable cost of business, and makes the cost of better prevention unappealing. Still, this isn't wholly a technical problem: human error remains an enormous threat, with "insider negligence" blamed in one study for 88 percent of data breaches.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data breaches

5 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 5 Feb 2009 @ 5:53pm

Corporate Indifference
"an acceptable cost of business"

It's not acceptable to me, because ultimately the consumer is the one paying for their negligence.

They have no reason to care.
[ link to this | view in chronology ]
Bear, 5 Feb 2009 @ 6:41pm

Definitely not acceptable to me...
...since I'm the CTO. Everything that has to do with IT is my responsibility.
[ link to this | view in chronology ]
TW Burger, 5 Feb 2009 @ 6:49pm

Attitude is Everything
I write security software for a large retailer and everything here is built for as much security as is practically possible.

However, I can attest that the biggest threat to data security is not a not so thoroughly parsed parameter or a port in a fire wall that is left open, it is, as stated, insider negligence. Plain corruption may account for some problems but the bulk of the issues are crappy passwords (ironically my experience is that the more access a user has due to seniority and position the worse the password choice), leaving computers unattended, not wiping discarded hard drives, and not shredding papers that contain sensitive data.
[ link to this | view in chronology ]
Rich Kulawiec, 6 Feb 2009 @ 4:18am

Imprisonment and confiscation for Cxx-level officers
The fix for this is precisely the same as that for other abuses which are either perpetuated or tolerated by Cxx-level officers of other companies (e.g., financial fraud): imprisonment and confiscation of all personal assets. I'm sure we could release any number of casualties of well-known failure called "The War on Drugs" in order to make room for them, and their own assets should be spent on paying for their confinement. Perhaps the prospect of sharing a cellblock with the executives of Citibank and TJ Maxx -- as well as some hardened criminals, let's make sure they're mixed in -- would cause these selfish, arrogant, worthless jerks to think about the consequences of their own greed before indulging it.
[ link to this | view in chronology ]
Anonymous Coward, 6 Feb 2009 @ 8:09am

The total cost to an organization that has a data breach is vastly under reported. The big problem is that most companies don't realize this until it has happened to them.
[ link to this | view in chronology ]