2012 Data Breach Investigations Report

The 2012 Data Breach Investigations Report has just been released by Verizon. As with previous reports, the report aims to understand the underlying issues of major data breaches for the year. This year, the report has been supplemented with contributions from law enforcement agencies in order to increase the awareness of global cybercrime. To that end, this report also looks at breaches from 22 additional countries over the previous year.

The 2012 report looks at 855 confirmed security breaches that affected 174 compromised records in 36 countries around the world; the 8 years of reports now includes over one billion compromised records from 2500+ breaches.

Key highlights from the report:

• 70% of breaches originated in Eastern Europe; 25% of breaches originated in North America
• Most data breaches were caused by external attacks (organized crime, activist groups, former employees, lone hackers, organizations sponsored by foreign governments)
• Hacktivism was a factor in more than half the data breaches
• Hacking and malware both were on the rise (81% and 69% vs 50% and 49% in 2010)
• Insider incidents declined to 4% of all attacks this year
• Third parties detected 92% of all breaches
• 95% of records lost included personal information (up from 1% in 2010)

One of the most significant pieces of data regards the ability of companies to detect breaches - with only 8% of breaches being internally discovered, companies are left unaware of the state of their data. It is very risky to rely on outside observation for the detection of data breaches.

As many of the highlights report, there has been a significant shift to targeted attacks specifically looking for personally identifiable information (PII). Companies need to step up their analysis of event logs and data monitoring and establish stronger security controls in order to defend against these breaches. For more, read the press release and report.