14 DAY TRIAL // Verizon has published its 2011 Data Breach Investigations Report revealing a huge 97% decline of lost records volume despite a similarly impressive increase in the number of incidents.
The report, issued in collaboration with the United States Secret Service and the Dutch High Tech Crime Unit, analyzed 761 data breach incidents that occurred in 2010.
In 2009, the report only included data from 141 incidents, but Wade Baker, Verizon Business' Director of Risk Intelligence, explained that this year the Secret Service contributed information on 600 incidents.
This accounts for the increase in the number of analyzed data breaches, but it certainly doesn't explain why the number of exposed records dropped from 144 million to just 4 million in the course of a single year.
According to Baker, some possible theories include the lack of large scale breaches like the TJX incident and the fact that some of the most prominent data thieves, such as Albert Gonzales, have been jailed.
It seems that declines were registered across the board. The percentage of insider attacks dropped from 31% to 17%, the number of breaches stemming from privilege misuse from 48% to 17%, and that of social engineering scams from 17% to 11%.
Some mega breaches, like the one recently announced by email marketing provider Epsilon, which resulted in the leaking of tens of millions of email addresses, are not included in this report and will only show up next year.
The fact that most data breaches analyzed in 2010 involved banks and financial services firms might also have contributed to the report's discrepancy with what is generally observed. Such organizations have taken significant steps to improve their data handling and security practices and might no longer be representative for the entire business world.
Nevertheless Verizon's findings reflect those of data protection provider Imperva, which reported earlier this year that data breach incidents have doubled in number but resulted in 93% less exposed records.