Post on 01-Aug-2020
DATA LOSS BAROMETER
A global insight into lost and stolen information
KPMG’s Data Loss Barometer exposes the latest trends and statistics for globally lost
and stolen information in 2012. Over 82 countries are represented in 2012,
with over 96 countries represented over the last five years.
kpmg.com
CONTENTS
KEY FINDINGS
SECTION ONE: OVERVIEW
2012 DATA LOSS TRENDS
2012 SECTOR TRENDS
2008 – 2012 A FIVE YEAR VIEW
SECTION TWO: CHARTS
2012 DATA LOSS TRENDS
2008 – 2012 A FIVE YEAR VIEW
GLOBAL CHARTS
© 2012 KPMG LLP, a UK limited liability partnership, is a subsidiary of KPMG Europe LLP and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative, a Swiss entity. All rights reserved. Printed in the United Kingdom.
ACKNOWLEDGEMENTS
We would like to thank Risk Based Security for providing the data used in the Data Loss Barometer. In addition, we would like to thank the following project team members for their contribution:
Bona Boraliu
Charmaine Servado
Lissa Mitchell
Martin Tyley
KEY FINDINGS
Hacking number one data loss threat
Over the past five years, more than one billion people globally have been affected by data loss incidents. In the last two years, there has been a jump of 40% in the number of publicly disclosed data loss incidents. Over the last five years, 60% of all incidents reported were due to Hacking.
Healthcare sector shows significant improvement
The Healthcare sector, which previously struggled between 2010 and 2011 with the highest number of data loss incidents, has shown dramatic improvement in 2012. The percentage of data loss incidents that affected the Healthcare sector has fallen from a high of 25% in 2010 to just 8% in 2012.
Technology sector number one worst performing sector by number of people affected
Over the last five years, the Technology sector had fewer incidents than the Top Five worst performing sectors (Government, Healthcare, Education, Financial Services, and Retail); however, the percentage of people affected by incidents in that industry remains the highest, accounting for 26% of the total number of people affected.
Insurance sector number one at risk from Social Engineering and System/Human Error
In the first half of 2012, the Insurance sector appears to be at greatest risk from Social Engineering attacks and System/Human Error incidents.
First time in five years that insider threat has decreased and is at an all-time low
Surprisingly, for the first time in the last five years, the threat from malicious insiders has dropped from an average in previous years of 25% of the total number of incidents to an all-time low of 6.5% in 2012. Conversely, we see a dramatic rise of double the number of incidents from external sources in 2012 from 2010, accounting for 81% of the total number of incidents. This could be because the rise in hacking has taken people’s eyes off the insider threat – KPMG has not seen an improvement in controls to prevent or detect insiders in the period.
Overall data loss incidents return to similar levels as 2008
Following a fall in reported incidents in 2009-2010 when compared to 2008, the trend has reversed, with a higher number of incidents reported in 2011 and total incident numbers in 2012 almost returning to 2008 levels. This could be accounted for by a maturing regulatory environment where incidents are being identified and monitored more thoroughly, but is also likely to be a result of the dramatic increase in the sophistication and variety of attacks we have seen in the last 18 months.
SECTION ONE: OVERVIEW
2012 DATA LOSS TRENDS
* January – June 2012
Insurance sector number 1 at risk from Social Engineering and System/Human Error
Government, Education & Technology: 3 worst affected sectors for data loss
Data loss incidents involving third parties are more commonplace in the Technology sector
Personally identifiable information remains the number 1 data loss type
Hacking a continued threat, 67% of total incidents
External data losses rise 40% vs. previous year, affecting 160 million people
2012 SECTOR TRENDS
1 Over 96% of data loss incidents in Media were attributed to Hacking in the first half of 2012.
2 Insurance sector number one at risk from Social Engineering and System/Human error in the first half of 2012.
3 Financial services have seen an 80% reduction in data loss by number of incidents in the last five years, but are still the fifth worst performing sector in the first half of 2012.
4 Government has maintained relatively flat rates of data loss incident numbers since 2008, ranking either number one or number two as overall worst performing sector by total number of incidents over the last five years.
5 75% of data loss incidents in Retail were attributed to Hacking in the first half of 2012.
6 18.5 million people have been affected by PC theft. It represents around 1/3 of all data loss incidents in the Healthcare and Professional Services sectors in the first half of 2012.
2008 – 2012 A 5 YEAR VIEW
Total number of incidents show Technology, Financial services, Retail and Media as the worst performing sectors
681 million records/people affected by Hacking as number one cause of data loss
Hard Drive number one portable media incident, but a growth in DVD/CD incidents
Healthcare sector shows a sharp drop in the number of breaches in 2012
SECTION TWO: CHARTS
2012 DATA LOSS TRENDS
* January – June 2012
By cause: number of incidents as a percentage of total for 2012
Hacking 67.2%
Fraud/social engineering 7%
PC theft 4.8%
Web/network exposure 4.6%
Hard copy theft/loss 4.6%
Human/system error 4%
Unknown 3%
Improper disposal 2%
Malware 1.4%
Portable media theft/loss 1%
By sector: number of incidents as a percentage of total for 2012
Other business sectors 21.8%
Government 16.4%
Education 12.6%
Technology 8.6%
Media 8.3%
Retail 8.3%
Healthcare 7.9%
Professional services 5.2%
Not for profit 3.7%
Financial services 3.2%
Law 2.5%
Insurance 1.2%
Data services 0.4%
By sector: number of incidents as a percentage where a third-party was involved for 2012
Technology 17%
Professional services 14%
Healthcare 13%
Education 12%
Other business sectors 12%
Financial services 9%
Government 6%
Insurance 3%
Not for profit 3%
Retail 3%
Media 2%
Ind. Markets 2%
Data Services 2%
Law 2%
Organization 1%
Organization 1%
Cause of data loss vs. Industry: number of incidents as a percentage of total for 2012 (January – June)
[Charts, one per sector: Government, Healthcare, Education, Financial services, Retail, Organization, Professional services, Technology, Media, Insurance, Not for profit, Law firms, Industrial markets, Other business sectors. Legend: Hacking, PC theft, Portable media, Human/system error, Web/network exposure, Fraud/social engineering, Malware, PC loss, Improper disposal, Hard copy loss/theft, Unknown.]
2008 – 2012 A FIVE YEAR VIEW
By cause: number of external incidents as a percentage of total – five year trend
[Chart, 2008 – 2012. Series: External, Insider – malicious, Insider – accidental, Insider – unknown.]
By sector (Worst five): number of incidents as a percentage of total – five year trend
[Chart, 2008 – 2012. Series: Government, Financial services, Education, Healthcare, Retail.]
By portable media: number of portable media incidents as a percentage of total – five year trend
[Chart, 2008 – 2012. Series: Hard drive, USB memory, Tape, Other, DVD/CD, Mobile device.]
By sector: number of records/people affected as a percentage of total since 2008 (to June 2012)
Technology 23.6%
Financial services 14.8%
Data services 14.2%
Retail 13.7%
Media 12.5%
Education 5.4%
Government 5.2%
Healthcare 3.2%
Organization 2%
Industrial markets 1.5%
Insurance 1.3%
Other business sectors 1.1%
Not for Profit 0.8%
Professional services 0.7%
By cause of data loss: number of records/people affected since 2008 (to June 2012)
Hacking 65%
Fraud/social engineering 16%
Web/network exposure 10.4%
Portable media theft/loss 8%
Unknown 3.8%
PC Theft 1%
PC Loss 0.8%
Human/system error 0.8%
Hard copy theft or loss 0.7%
Improper disposal 0.1%
GLOBAL CHARTS
1 By country: number of incidents as a percentage of total since 2008 (to June 2012)
U.S.A 75%
Great Britain 8.4%
Canada 3.25%
Japan 1.2%
Australia 1.2%
Ireland 0.7%
India 0.7%
Germany 0.5%
Netherlands 0.5%
China 0.5%
Other 8.1%
2 By country: number of incidents as a percentage of total for 2012 (January - June)
U.S.A. 47.6%
U.K. 10.1%
Canada 4.2%
Netherlands 2.2%
India 2.1%
Australia 2%
Venezuela 2%
Spain 1.9%
Italy 1.8%
China 1.5%
Other 24.5%
By country: number of incidents as a percentage of total - five year trend
[Chart, 2008 – 2012. Series: U.S.A., Great Britain, Canada, China, Germany, Australia, Ireland, India, Japan, Netherlands, Other. Data labels shown: 81.5%, 80.3%, 83.4%, 69.8%, 47.6%.]
KPMG Contacts Contact Us
Malcolm Marshall Partner, UK and Global Leader, Information Protection and Business Resilience
020 73115456 malcolm.marshall@kpmg.co.uk
Stephen Bonner Partner, Financial Services, Information Protection and Business Resilience
020 76941644 stephen.bonner@kpmg.co.uk
Charlie Hosner Partner, Sectors, Information Protection and Business Resilience
020 76945801 charles.hosner@kpmg.co.uk
The Data Loss Barometer is being replaced by KPMG’s Cyber Vulnerability Index, the first edition of which was published in July 2012, and is available at:
www.kpmg.com/uk/security
www.kpmg.com
The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.
© 2012 KPMG International Cooperative (“KPMG International”), a Swiss entity. Member firms of the KPMG network of independent firms are affiliated with KPMG International. KPMG International provides no client services. No member firm has any authority to obligate or bind KPMG International or any other member firm vis-à-vis third parties, nor does KPMG International have any such authority to obligate or bind any member firm. All rights reserved. Printed in U.K.
The KPMG name, logo and “cutting through complexity” are registered trademarks or trademarks of KPMG International.
RR Donnelley I RRD-276985 I November 2012 I Printed on recycled material.