Following our analysis of the 2010 report and the 2009 report, the 2011 report shows that the total number of data breaches reached an all-time high in 2010 with 760 breaches. However, the breaches mostly affected smaller record numbers (<10,000), dropping the number of compromised records from 144 million in 2009 to 4 million in 2010. Due to the record number of actual breaches, businesses should not consider the drop in compromised records a "win." Rather, this is a change of tactics by cybercriminals:
"They are engaging in small, opportunistic attacks rather than large-scale, difficult attacks and are using relatively unsophisticated methods to successfully penetrate organizations. For example, only 3 percent of breaches were considered unavoidable without extremely difficult or expensive corrective action."
Notably, because of the change in tactics, there was a big jump in the share of breaches caused by outsiders (92%). The percentage of insider attacks decreased to 16% from 49%, but this is misleading because the total number of insider attacks actually remained relatively constant.
The data shows that physical attacks and stolen passwords/credentials are both serious areas of concern. For the rest of the report and enterprise recommendations, read here.