DATA LOSS BAROMETER
A global insight into lost and stolen information
KPMG’s Data Loss Barometer exposes the latest trends and statistics for globally lost
and stolen information in 2012. Over 82 countries are represented in 2012,
with over 96 countries represented over the last five years.
kpmg.com
THE METHODOLOGY
The Data Loss Barometer analyzes data loss incidents reported around the world since 2005. This data is sourced from Risk Based Security September 2012.
CONTENTS
KEY FINDINGS
SECTION ONE: OVERVIEW
2012 DATA LOSS TRENDS
2012 SECTOR TRENDS
2008 – 2012 A FIVE YEAR VIEW
SECTION TWO: CHARTS
2012 DATA LOSS TRENDS
2008 – 2012 A FIVE YEAR VIEW
GLOBAL CHARTS
KEY FINDINGS
Hacking number one data loss threat
Over the past five years, more than one billion people globally have been affected by data loss incidents. In the last two years, there has been a jump of 40% in the number of publicly disclosed data loss incidents. Over the last five years, 60% of all incidents reported were due to Hacking.
Healthcare sector shows significant improvement
The Healthcare sector, which previously struggled between 2010 and 2011 with the highest number of data loss incidents, has shown dramatic improvement in 2012. The percentage of data loss incidents that affected the Healthcare sector has fallen from a high of 25% in 2010 to just 8% in 2012.
Technology sector number one worst performing sector by number of people affected
Over the last five years, the Technology sector had fewer incidents than the Top Five worst performing sectors (Government, Healthcare, Education, Financial Services, and Retail); however, the percentage of people affected by incidents in that industry remains the highest, accounting for 26% of the total number of people affected.
Insurance sector number one at risk from Social Engineering and System/Human Error
In the first half of 2012, the Insurance sector appears to be at greatest risk from Social Engineering attacks and System/Human Error incidents.
First time in five years that insider threat has decreased and is at an all-time low
Surprisingly, for the first time in the last five years, the threat from malicious insiders has dropped, from an average in previous years of 25% of the total number of incidents to an all-time low of 6.5% in 2012. Conversely, the number of incidents from external sources in 2012 has risen dramatically to double the 2010 figure, accounting for 81% of the total number of incidents. This could be because the rise in hacking has taken people’s eyes off the insider threat – KPMG has not seen an improvement in controls to prevent or detect insiders in the period.
Overall data loss incidents return to similar levels as 2008
Following a fall in reported incidents in 2009-2010 when compared to 2008, the trend has reversed, with a higher number of incidents reported in 2011 and total incident numbers in 2012 almost returning to 2008 levels. This could be accounted for by a maturing regulatory environment where incidents are being identified and monitored more thoroughly, but is also likely to be a result of the dramatic increase in the sophistication and variety of attacks we have seen in the last 18 months.
SECTION ONE: OVERVIEW
2012 DATA LOSS TRENDS *
Insurance sector number 1 at risk from Social Engineering and System/Human Error
Hacking a continued threat, 67% of total incidents
Government, Education & Technology: worst affected sectors for data loss
Data loss incidents involving third parties are more commonplace in the Technology sector
Personally identifiable information remains the number 1 data loss type
External data losses rise 40% vs. previous year, affecting 160 million people
* January – June 2012
2012 SECTOR TRENDS
Insurance sector number one at risk from Social Engineering and System/Human Error in the first half of 2012.
Financial services have seen an 80% reduction in data loss by number of incidents in the last five years, but are still the fifth worst performing sector in the first half of 2012.
Over 96% of data loss incidents in Media were attributed to Hacking in the first half of 2012.
Government has maintained relatively flat rates of data loss incident numbers since 2008, ranking either number one or number two as overall worst performing sector by total number of incidents over the last five years.
75% of data loss incidents in Retail were attributed to Hacking in the first half of 2012.
18.5 million people have been affected by PC theft. It represents around 1/3 of all data loss incidents in the Healthcare and Professional Services sectors in the first half of 2012.
2008 – 2012 A 5 YEAR VIEW
[Infographic: monthly timeline, January to December, for each year 2008 to 2012]
Total number of incidents show Technology, Financial services, Retail and Media as the worst performing sectors
681 million records/people affected by Hacking as number one cause of data loss
Healthcare sector shows a sharp drop in the number of breaches in 2012
Hard Drive number one portable media incident, but a growth in DVD/CD incidents
SECTION TWO: CHARTS
2012 DATA LOSS TRENDS *
* January – June 2012

By cause: number of incidents as a percentage of total for 2012
Hacking: 67.2%
Fraud/social engineering: 7%
PC theft: 4.8%
Web/network exposure: 4.6%
Hard copy theft/loss: 4.6%
Human/system error: 4%
Unknown: 3%
Improper disposal: 2%
Malware: 1.4%
Portable media theft/loss: 1%

By sector: number of incidents as a percentage of total for 2012
Other business sectors: 21.8%
Government: 16.4%
Education: 12.6%
Technology: 8.6%
Retail: 8.3%
Media: 8.3%
Healthcare: 7.9%
Professional services: 5.2%
Not for profit: 3.7%
Financial services: 3.2%
Law: 2.5%
Insurance: 1.2%
Data services: 0.4%

By sector: number of incidents as a percentage where a third-party was involved for 2012
Technology: 17%
Professional services: 14%
Healthcare: 13%
Education: 12%
Other business sectors: 12%
Financial services: 9%
Government: 6%
Retail: 3%
Insurance: 3%
Not for profit: 3%
Ind. Markets: 2%
Data Services: 2%
Media: 2%
Law: 2%
Organization: 1%
Cause of data loss vs. Industry: number of incidents as a percentage of total for 2012 (January – June)
[Chart: one breakdown by cause for each sector; the percentage labels cannot be matched to sectors in the extracted text]
Causes: Hacking, Human/system error, Malware, Web/network exposure, Fraud/social engineering, PC theft, PC loss, Portable media, Hard copy loss/theft, Improper disposal, Unknown
Sectors: Government, Healthcare, Education, Financial services, Retail, Organization, Professional services, Technology, Media, Insurance, Not for profit, Law firms, Industrial markets, Other business sectors
2008 – 2012 A FIVE YEAR VIEW

By cause: number of external incidents as a percentage of total – five year trend
[Chart: 2008 to 2012; series: External, Insider – malicious, Insider – accidental, Insider – unknown]

By sector (Worst five): number of incidents as a percentage of total – five year trend
[Chart: 2008 to 2012; series: Government, Healthcare, Education, Financial services, Retail]

By portable media: number of portable media incidents as a percentage of total – five year trend
[Chart: 2008 to 2012; series: Hard drive, USB memory, Tape, DVD/CD, Mobile device, Other]

By sector: number of records/people affected as a percentage of total since 2008 (to June 2012)
Technology: 23.6%
Financial services: 14.8%
Data services: 14.2%
Retail: 13.7%
Media: 12.5%
Education: 5.4%
Government: 5.2%
Healthcare: 3.2%
Organization: 2%
Industrial markets: 1.5%
Insurance: 1.3%
Other business sectors: 1.1%
Not for profit: 0.8%
Professional services: 0.7%

By cause of data loss: number of records/people affected since 2008 (to June 2012)
Hacking: 65%
Fraud/social engineering: 16%
Web/network exposure: 10.4%
Unknown: 3.8%
PC Loss: 0.8%
Improper disposal: 0.1%
Human/system error, PC Theft, Portable media theft/loss, Hard copy theft or loss: 0.8%, 1%, 8%, 0.7% (label-to-value pairing not recoverable from the extracted chart)
GLOBAL CHARTS

By country: number of incidents as a percentage of total for 2012 (January - June)
U.S.A.: 47.6%
U.K.: 10.1%
Canada: 4.2%
Netherlands: 2.2%
India: 2.1%
Australia: 2%
Venezuela: 2%
Spain: 1.9%
Italy: 1.8%
China: 1.5%
Other: 24.5%

By country: number of incidents as a percentage of total since 2008 (to June 2012)
U.S.A: 75%
Great Britain: 8.4%
Canada: 3.25%
Japan: 1.2%
Australia: 1.2%
Ireland: 0.7%
India: 0.7%
Germany: 0.5%
Netherlands: 0.5%
China: 0.5%
Other: 8.1%

By country: number of incidents as a percentage of total - five year trend
[Chart: 2008 to 2012; series: U.S.A., Great Britain, Canada, China, Germany, Australia, Ireland, India, Japan, Netherlands, Other]
Data labels by year, 2008 to 2012: 81.5%, 80.3%, 83.4%, 69.8%, 47.6%
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
© 2012 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. Printed in U.K.
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.
RR Donnelley | RRD-276985 | November 2012 | Printed on recycled material.
www.kpmg.com
This will be the final edition of KPMG’s Data Loss Barometer. In future we will be publishing KPMG’s Cyber Vulnerability Index bi-annually; the first edition was published in July 2012.
For more information visit www.kpmg.com/uk/security
KPMG Contacts and Acknowledgements
We would like to thank all of our contributors to the survey, in particular members of the project and editorial team:
Bona Boraliu
Lisa Mitchell
Charmaine Servado
Martin Tyley
Contact Us
Malcom Marshall, Global Partner, Information Protection and Business Resilience
020 73115456
Stephen Bonner, Partner, Financial Services, Information Protection and Business Resilience
020 76941644
Charlie Hosner, Partner, Corporates, Information Protection and Business Resilience
020 76945801