7Safe recently released the UK Security Breach Investigations Report 2010, a report covering 62 data breaches investigated over 18 months. Though this is a small sample size, the data does yield some interesting results that could help companies examine their own data security practices.
Highlights from the report:
- 69% of organizations suffering breaches were retailers. Finance was the second most common sector.
- 66% of organizations had fewer than 100 employees.
- Payment card data was compromised in 85% of cases (in all of these, the organizations were not PCI DSS compliant at the time).
- 80% of attacks on data came from sources external to the organization (SQL injection was the most common attack).
- 86% of compromises came from attacks on applications, with just 14% on the IT infrastructure
- Intellectual property was stolen in only 3% of organizations
The data above shows that basic security requirements, like those of PCI DSS, do prevent data loss. In every breach where payment card data was compromised, the company had no more than half of the standard's base requirements in place.