Corporate data losses hit the highest levels since 2008 as companies work to improve data security strategies against a greater variety of more sophisticated IT attacks.
Data loss attacks affected more than one billion people in the last five years and more than 60 percent of those incidents were the result of hacking, according to the Data Loss Barometer report from KPMG that analyzed incidents since 2005 across industries, types of data loss and global regions.
According to the report, data loss threats have risen substantially with the use of mobile devices for business purposes and personally identifiable information continues to be the top data loss type.
Industries such as health care and professional services, which maintain the largest databases of personal information, saw 18.5 million people affected by PC theft, which accounted for one-third of all data loss incidents in those sectors for the first half of 2012.
“Hard drives continue to be the number one target for portable media data loss, but we have seen a big increase in incidents around DVDs and CDs, as well,” said Greg Bell, a partner at KPMG LLP. “The volume of company data stored on personal and mobile devices needs to be a major consideration when devising a comprehensive security plan.”
Depending on the type of data loss, an incident can be a major risk to a company’s revenue or reputation. Senior management and boards now have to weigh the threat of exposure according to which data loss would have the largest impact on the company and employ security measures as appropriate, according to the report’s findings.
“If a laptop with a formula for a new cancer drug is stolen, it could have the potential for a billion dollar loss to a company’s future revenue; but if a laptop is lost with health records for two million patients, that could be a reputational mark from which they can’t recover,” Bell said. “Executives and boards need to be a part of the discussion around the most effective way to protect this information from all types of loss because it could mean unrecoverable damage to a firm.”