Hacking has topped human error as the top cause of reported data breaches for the first time since such tracking began in 2007, according to the Identity Theft Resource Center’s 2009 Breach Report.
In its report, titled “Data Breaches: The Insanity Continues,” the non-profit ITRC found that 19.5 percent of reported breaches were due to hacking, with insider theft as the second most common cause at 16.9 percent. For the past two years, “data on the move,” a typically human-error loss of a portable devices such as laptops or even briefcases, was the most common reported cause.
Read more on PCWorld.
Analyses of 2009 data conducted by ITRC are linked from their press release, here. As I had commented earlier, breach reports in 2009 were down compared to 2008, but interpreting what appears to be a decrease is fraught with difficulty as there are too many unknowns. OSF’s Dave Shettler also addressed the apparent decrease, citing some of the same possibilities I had, but throwing in solar flares for good measure. With respect to the apparent decline, ITRC says:
Are data breaches increasing or decreasing? That is the question no one can answer. This fact will not change until there is a single data breach list requiring mandatory public reporting. With some breaches not being reported publicly, and some state Attorneys General not allowing public access to reported breaches, we doubt that anyone is in a position to answer the question above. When we allow laws to be created requiring breach reporting but not disclosure, and provide minimal enforcement or penalty for non-compliance, we can expect a lack of public disclosure. Counting breaches becomes an exercise in insanity.