Data Loss Barometer - assets.kpmg · DATA LOSS BAROMETER A global insight into lost and stolen...

1

Ch

ina

0.5%N

etherlan

ds

0.5%G

ermany

0.5%In

dia

0.7%

Ireland

0.7%

Australia

1.2%

Japan1.2%

Canada

3.25%

Great Britain

8.4%

U.S.A 75%

China 1.5%

Italy 1.8%

Spain 1.9%

Venezuela 2%

Australia 2%

2.1%

DATA LOSS BAROMETER

A global insight into lost and stolen information

KPMG’s Data Loss Barometer exposes the latest trends and statistics for globally lost

and stolen information in 2012. Over 82 countries are represented in 2012,

with over 96 countries represented over the last five years.

kpmg.com

2

CONTENTS

KEY FINDINGS 3

SECTION ONE 5OVERVIEW

2012 6DATA LOSS TRENDS

2012 8SECTOR TRENDS

2008 – 2012 10A FIVE YEAR VIEW

SECTION TWO 12CHARTS

2012 13DATA LOSS TRENDS

2008 – 2012 17A FIVE YEAR VIEW

GLOBAL CHARTS 19

© 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. Printed in the United Kingdom.

ACKNOWLEDGEMENTS

We would like to thank Risk Based Security for providing the data used in the Data Loss Barometer. In addition, we would like to thank the following project team members for their contribution:

Bona Boraliu Charmaine Servado

Lissa MitchellMartin Tyley

3

KEY FINDINGS

Hacking number one data loss threatOver the past five years, more than one billion people globally have been affected by data loss incidents. In the last two years, there has been a jump of 40% in the number of publicly disclosed data loss incidents. Over the last five years, 60% of all incidents reported were due to Hacking.

Healthcare sector shows significant improvementThe Healthcare sector, which previously struggled between 2010 and 2011 with the highest number of data loss incidents has shown dramatic improvement in 2012. The percentage of data loss incidents that affected the Healthcare sector has fallen from a high of 25% in 2010, to just 8% in 2012.

Technology sector number one worst performing sector by number of people affectedOver the last five years, the Technology sector, had fewer incidents than the Top Five worst performing sectors (Government, Healthcare, Education, Financial Services, and Retail) however, the percentage of people affected by incidents in that industry remains the highest; accounting for 26% of the total number of people affected.


4

KEY FINDINGS

£Hacking number one data loss threat

Healthcare sector shows significant improvement

Technology sector number one worst performing sector by number of people affected

Over the past five years, more than one billion people globally have been affected by data loss incidents. In the last two years, there has been a jump of 40% in the number of publicly disclosed data loss incidents. Over the last five years, 60% of all incidents reported were due to Hacking.

The Healthcare sector, which previously struggled between 2010 and 2011 with the highest number of data loss incidents has shown dramatic improvement in 2012. The percentage of data loss incidents that affected the Healthcare sector has fallen from a high of 25% in 2010, to just 8% in 2012.

Over the last five years, the Technology sector, had fewer incidents than the Top Five worst performing sectors (Government, Healthcare, Education, Financial Services, and Retail) however, the percentage of people affected by incidents in that industry remains the highest; accounting for 26% of the total number of people affected.

Insurance sector number one at risk from Social Engineering and System/Human ErrorIn the first half of 2012, the Insurance sector appears to be at greatest risk from Social Engineering attacks and System/Human Error incidents.

First time in five years that insider threat has decreased and is at an all-time lowSurprisingly, for the first time over the last five years, the threat from malicious insiders has dropped from an average from previous years of 25% of total number of incidents, to an all-time low of 6.5% in 2012. Conversely, we see a dramatic rise of double the number of incidents from external sources in 2012 from 2010, accounting for 81% of total number of incidents. This could be because the rise in hacking has taken people’s eyes off the insider threat – KPMG has not seen an improvement in controls to prevent or detect insiders in the period.

Overall data loss incidents return to similar levels as 2008Following a fall in reported incidents in 2009-2010 when compared to 2008, the trend has reversed with a higher number of incidents reported in 2011, and total incident numbers in 2012 almost returning to 2008 levels. This could be accounted for by a maturing regulatory environment where incidents are being identified and monitored more thoroughly, but is also likely to be a result of the dramatic increase in the sophistication and variety of attacks we have seen in the last 18 months.


5

SECTION ONE: OVERVIEW


6

2012 DATA LOSS TRENDS

* January – June 2012

and System/Human Errorfrom Social Engineering AT RISK number 1Insurance sector

3

Government, Education,

Technology& WORSTaffected sectors for data loss

ird parties re moremmonplace

in the sectorTechnology

1Personally identifiableinformation remains

the number

lossdata

type

a loss incidents

nvolvingthaco

Dat

i


6a continued thr

of total

7%eat,

incidents

Hacking

External data losses

RISE 40%vs. previous year,

AFFECTING 160 MILLION PEOPLE

7

and System/Human Errorfrom Social Engineering AT RISK number 1Insurance sector

3third parties are morecommonplace

in the sectorTechnology

Data loss incidents

involving

Government, Education,

Technology& WORSTaffected sectors for data loss

67%of total incidents

a continued threat, Hacking

1Personally identifiableinformation remains

the number

lossdata

type

diary of KPMG rinted in the U

External data losses

RISE 40%vs. previous year,

AFFECTING 160 MILLION PEOPLE

2012DATA LOSS TRENDS

© 2012 KPMG LLP, a UK limited liability partnership, is a subsi Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. P nited Kingdom.

8

2012 SECTOR TRENDS

1 Over 96% of data loss incidents in Media were attributed to Hacking in the first half of 2012.

2 Insurance sector number one at risk from Social Engineering and System/Human error in the first half of 2012.

3 Financial services have seen an 80% reduction in data loss by number of incidents in the last five years, but is still the fifth worst performing sector in the first half of 2012.


9

1

Insurance sector number one at risk from Social Engineering and System/Human error in the first half of 2012. 2Financial services have seen an 80% reduction in data loss by number of incidents in the last five years, but is still the fifth worst performing sector in the first half of 2012.3

Over 96% of data loss incidents in Media were attributed to Hacking in the first half of 2012. 4

Government has maintained relatively flat rates of data loss incident numbers since 2008, ranking either number one or number two as overall worst performing sector by total number of incidents over the last five years.

5 75% of data loss incidents in Retail were attributed to Hacking in the first half of 2012.

618.5 million people have been affected by PC theft. It represents around 1/3 of all data loss incidents in the Healthcare and Professional Services sectors in the first half of 2012.

2012 SECTOR TRENDS


10

2008 – 2012 A 5 YEAR VIEW


Total number of incidentsshow Technology,Financial services,Retail and Mediaas the worstperforming sectors

681 millionrecords/peopleaffected by Hacking asnumber one cause of data loss

11

Total number of incidentsshow Technology,Financial services,Retail and Mediaas the worstperforming sectors

681 millionrecords/peopleaffected by

number one cause of data loss

2008

J F M A

M J J A

S O N D

2009

J F M A

M J J A

S O N D

2010

J F M A

M J J A

S O N D

2011

J F M A

M J J A

S O N D

2012

J F M A

M J J A

S O N D

Hard Drivenumber oneportable mediaincident, but a growthin DVD/CD incidents

Healthcare sectorshows a sharp drop in the number of breaches in 2012

Hacking as

2008 – 2012 A 5 YEAR VIEW


12

SECTION TWO: CHARTS


13

By sector: number of incidents as a percentage where a third-party was involved for 2012

Healthcare

13%Education

12%

Professional services

14%

ervices

Insurance 3%Organization 1%Ind. Markets 2%Data Services 2%Other business sectors 12%

Media 2%Not for profit 3%

Law 2%Organization 1%

Government 6%

Retail 3%

Technology 17%

Financial services 9%


* January – June 2012

By sector: number of incidents as a percentage of total for 2012


Other business sectors

21.8%

Data services0.4%

Law

2.5%Insurance 1.2%Financial services 3.2%Not for profit 3.7%

Professional s

5.2%

Healthcare

7.9%

Media

8.3%

Retail

8.3%

Technology

8.6%

Education

12.6%

Government

16.4%

By cause: number of incidents as a percentage of total for 2012

Improper disposal Human/system error2% 4%

Portable media Web/networktheft/loss exposure

1% 4.6%

Hacking

67.2%

Unknown PC theft Malware

3% 4.8% 1.4%Hard copy theft/loss Fraud/social engineering

4.6% 7%

14

By cause: number of incidents as a percentage of total for 2012

By sector: number of incidents as a percentage of total for 2012

By sector: number of incidents as a percentage where a third-party was involved for 2012

Hacking

67.2%

Human/system error

4%Improper disposal

2%

Web/network exposure

4.6%

Portable media theft/loss

1%

Fraud/social engineering

7%Hard copy theft/loss

4.6%

Malware

1.4%PC theft

4.8%Unknown

3%

Government

16.4%

Education

12.6%

Insurance 3%Media 2% Organization 1%Not for profit 3%Ind. Markets 2%Law 2%Data Services 2%Organization 1% Other business sectors 12%

Government 6%Healthcare

13%Education

12%Financial 9%services

Retail 3%Professional services

14%Technology 17%

Technology

8.6%

Retail

8.3%

Media

8.3%

Healthcare

7.9%


5.2%

Law

2.5%

Data services0.4%

Insurance 1.2%

Not for profit 3.7%Financial services 3.2%


21.8%



15

Cause of data loss vs. Industry: number of incidents as a percentage of total for 2012 (January – June)

Government

7%

7%62%

14%

Healthcare

28%7%

8%

10% 18%

14%

Education

6%

6%

69%

Organization

94%


9% 32%

11%

11% 13%13%

Technology

8%

74%

Not for profit

8%

75%


16

Cause of data loss vs. Industry: number of incidents as a percentage of total for 2012 (January – June)

Government

62%

28%

32%

13% 74%

94%

75%

13%11%

11%

8%9%

8%

69%

6%

6%

18%

14%

10%

8%

7%

14%

7%

7%

Healthcare Education Financial services

8%35%

8%

8%

30%

Retail

12%

76%

Organization

Professional services Technology Media

98%

Insurance

8%8%

33%8%

17%

25%

Not for profit Law firms

7%7%

7%

11%

63%

Industrial markets

38%

63%


6%

7%

9%64%


Hacking

PC theft

Portable media

Human/system error

Web/network exposure

Fraud/social engineering

Malware

PC loss

Improper disposal

Hard copy loss/theft

Unknown

17

2008 – 2012 A FIVE YEAR VIEW


2008 2009 2010 2011 2012

0%

10%

20%

30%

50%

40%

60%

70%

80%

90%

100% By cause: number of external incidents as a percentage of total – five year trend

Insider – malicious

External

Insider – accidental

Insider – unknown

0%

5%

10%

20%

15%

25%

30%

2008 2009 2010 2011 2012

By sector (Worst five): number of incidentsas a percentage of total – five year trend

Government

Financial services

Education

Healthcare

Retail

0%5%

10%

20%

15%

25%30%

35%

40%

45%50%

2008 2009 2010 2011 2012

By portable media: number of portable media incidents as a percentage of total – five year trend

Hard drive

USB memory

Tape

Other

DVD/CD

Mobile device

18

By sector: number of records/people affected as a percentage of total since 2008 (to June 2012)

Other business sectors 1.1%

Dataservices

14.2%Not for 0.8% Industrial markets 1.5%Profit Organization 2%

Media

12.5%

Insurance 1.3%

Technology

23.6%

Professionalservices 0.7%

Retail 13.7%

Financial 14.8%services

Education 5.4%Healthcare 3.2%

Government 5.2%

By cause of data loss: number of records/people affected since 2008 (to June 2012)

Unknown 3.8%Fraud/social engineering

16%

Human/systemerror 0.8%Web/network exposure

10.4%

Hacking

65%

PC Loss 0.8% PC Theft 1%Portable media theft/loss 8%

Improper 0.1% Hard copy theft disposal or loss 0.7%


19

China0.5%

Other

24.5%

Netherlands

0.5%

Germ

any0.5%

India0.7%

Ireland0.7%

Australia1.2%

Japan1.2%

Canada 3.25%Great Britain 8.4%

U.S.A 75%

Oth

er8.1%

China 1.5%

Italy 1.8%

Spain1.9%

Venezuela

2%

Austra

lia2%

Indi

a2.

1%N

ethe

rland

s2.

2%C

anad

a4.

2%

U.K

. 10.1

%

U.S

.A.4

7.6%

GLOBAL CHARTS

2By country: number of incidents as a percentage of total for 2012 (January - June)

1By country: number of incidents as a percentage of total since 2008 (to June 2012)


20

12

6

By country: number of incidents as a percentage of total - five year trend

0%

20%

60%

40%

80%

100%

2008 2009 2010 2011 2012

81.5%80.3% 83.4% 69.8%

47.6%


U.S.A.

Great Britain

Canada

China

Germany

Australia

Ireland

India

Japan

Netherlands

Other

21

KPMG Contacts Contact Us

Malcom Marshall Partner, UK and Global Leader, Information Protection and Business Resilience

020 73115456 [email protected]

Stephen Bonner Partner, Financial Services, Information Protection and Business Resilience


Charlie Hosner Partner, Sectors, Information Protection and Business Resilience


The Data Loss Barometer is being replaced by KPMG’s Cyber Vulnerability Index, the first edition of which was published in July 2012, and is available at:

www.kpmg.com/uk/security

www.kpmg.com

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

© 2012 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. Printed in U.K.

The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.

RR Donnelley I RRD-276985 I November 2012 I Printed on recycled material.

mailto:[email protected]



http://www.kpmg.com/uk/security

http://www.kpmg.com

Data Loss Barometer - assets.kpmg · DATA LOSS BAROMETER A global insight into lost and stolen...

Documents

Transcript of Data Loss Barometer - assets.kpmg · DATA LOSS BAROMETER A global insight into lost and stolen...