[Dataloss] How Are U.S. Businesses and Lawmakers Responding to Data Breaches?

security curmudgeon jericho at attrition.org
Thu Oct 25 03:11:31 UTC 2007



---------- Forwarded message ----------
From: Paul Ferguson <fergdawg at netzero.net>

Via Wall Street & Technology.

[snip]

There were 305 publicized data breaches affecting nearly 77 million 
individuals in the United States in the first nine months of 2007, 
according to the Identity Theft Resource Center, a nonprofit that works to 
prevent identity theft. Of these incidents, 6.2 percent were reported by 
banking, credit and financial services institutions.

Law firm Scott + Scott, which recently conducted a separate survey on data 
breaches with privacy and information management research firm The Ponemon 
Institute, reports that almost half the data breaches it recorded were 
attributed to lost or stolen equipment, such as laptops, PDAs and memory 
sticks. The second largest threat, according to the Colchester, 
Conn.-based firm, arose from negligent employees, temporary employees 
and/or contractors. The survey, "The Business Impact of Data Breach," 
examined the responses of more than 700 U.S.-based C-level executives, 
managers and IT security officers in midsize to large businesses spanning 
all industries.

But despite the frequency of such security failures, 42 percent of 
respondents to the Scott + Scott survey whose companies have suffered data 
breaches claimed their organization's IT security spending will remain the 
same in the coming year. Even after suffering a data breach, 46 percent of 
businesses failed to implement encryption solutions, and 82 percent did 
not seek legal counsel prior to responding to the incident -- even though 
they had no prior response plan in place.

[snip]

More:
http://www.wallstreetandtech.com/feed/showArticle.jhtml?articleID=202600763

