Today appears to be the day to release data breach reports. Major studies from three very different entities hit the presses today:
- Verizon's 2011 Data Breach Investigations, a study conducted by the Verizon RISK Team with cooperation from the U.S. Secret Service and the Dutch High Tech Crime Unit.
- Imperva and the Ponemon Institute's 2011 PCI DSS Compliance Trends Study, which surveyed 670 US and multinational IT security practitioners on how efforts to comply with PCI-DSS affect an organization's data protection and security.
- Veracode's State of Software Security Report: The Intractable Problem of Insecure Software, a semi-annual report that draws upon Veracode's analysis of code and applications within its cloud-based application risk management services platform.
The reports collectively provide a sweeping view of data breach issues. Combining intelligence from the three, here are some striking facts:
- 92 percent of data breaches stem from outsiders, while 17 percent of attacks implicated insiders.
- The number of respondents in one study that reported their organization had a data breach in the last 2 years was 85 percent, with many reporting two to five incidents in that time frame.
- About half of respondents were unsure about the impact of Payment Card Industry (PCI) Data Security Standard (DSS) compliance on data breaches, which suggests that standards are not motivating confidence in a number of users.
- Almost half of applications fail to meet acceptable security quality, and more than eight out of 10 web applications are lacking. Not surprisingly, the finance and software industries were most likely to hold software suppliers accountable, with the aerospace and defense industries starting to follow suit.
The studies are definitely worth a read to get a better sense of the perceptions and realities of data breaches.