The folks over at Verizon’s Business RISK team have published a report on the results of over 500 data breach investigations they’ve done over a four year period.
The Data Breach Investigations Report page has links for downloading a pdf copy of the report, as well as for a webinar where it was discussed by some of the participants.
Key statistics in the “Who is behind data breaches” category:
73% resulted from external sources
18% were caused by insiders
39% implicated business partners
30% involved multiple parties
Here’s some food for thought from the “What commonalities exist” category:
66% involved data the victim did not know was on the system
75% of breaches were not discovered by the victim
83% of attacks were not highly difficult
85% of breaches were the result of opportunistic attacks
87% were considered avoidable through reasonable controls