Check Point and the Ponemon Institute released the results of a new survey today. From their press release:
77 percent of organizations surveyed have experienced data loss in the last year. Key findings from the report, “Understanding Security Complexity in 21st Century IT Environments,” show respondents cited customer information (52%) as the most common type of information compromised — in addition to intellectual property (33%), employee information (31%) and corporate plans (16%). With the adoption of Web 2.0 applications and more mobile devices connecting to the network, organizations are challenged with enforcing better data security and IT Governance, Risk and Compliance (GRC) requirements.
According to the survey of over 2,400 IT security administrators, the primary cause for data loss resulted from lost or stolen equipment, followed by network attacks, insecure mobile devices, Web 2.0 and file-sharing applications and accidentally sending emails to the wrong recipient. In addition, approximately 49 percent of all respondents believe their employees have little or no awareness about data security, compliance and policies — encouraging business to integrate more user awareness into their data protection strategies, as people are often the first line of defense.
[…]
The survey, “Understanding Security Complexity in 21st Century IT Environments,” was independently conducted by the Ponemon Institute in February 2011, surveying IT security administrators located in the U.S., U.K. France, Germany and Japan. The survey sample represents organizations of all sizes and across 14 different industries. For more information about Check Point DLP or access to the full report, visit: http://www.checkpoint.com/products/dlp-software-blade/index.html.
Okay, let’s do the math. 77% of 2400 organizations = 1848 organizations that had data loss from their sample. If half of those losses involved customer data, that’s 924. Did we have 924 data breach disclosures last year from their sample? And that’s without counting the ones where employee data were compromised. It would appear that the media or sites that track breaches did not find out about most of these breaches. And that’s just from one sample. Hmmmm….