Hundreds of data breach notifications were mailed out last year with statements like “Protecting our customers’ personal information is our top priority” and “We regret that this isolated incident occurred” and “We’re using this isolated incident as an opportunity to reexamine our information security policies”. So we know we can trust those people and feel secure that that “isolated incident” was a one-time, rare occurrence, right?
Wrong. There were 656 reported data breaches in 2008, compared to 446 in 2007. That’s a whole lot of isolated incidents.
The good people at Identity Theft Resource Center were kind enough to track that information for us again last year, and to provide comparisons of each industry's security performance relative to 2007 and 2006.
Though the overall news was grim, over the last two years the educational and governmental/military categories showed significant improvement. Educational entities accounted for 28% of the info leaks in ’06, but only 20% in ’08. Governmental/military agencies contributed 30% of the ’06 breaches, but only 16.8% of last year’s breaches. Way to go USA!
Unfortunately, the business community gave up our personal and financial information more times than any of the others last year. Private industry tallied up 240 of the 656 reported breaches, a whopping 36.6% of the total. In 2006 they accounted for only 21% of the information security failures.
With fewer employees and less money for security enhancements in 2009, it’s a sure bet that business managers aren’t going to make any significant improvements in their shameful record of information protection.
There is, however, reason for hope. New legislation imposing fines on those who fail to follow information security standards might encourage the business community to tighten up.