Hundreds of millions of pieces of personal information are exposed in data breaches every year, and unfortunately for those who are victimized by such incidents, it seems that nearly all of them were easily preventable.
In a study of nearly 1,500 data breaches suffered last year and tracked by the Open Security Foundation - a total that was up 35 percent from 2011 - it was found that there were about 242.6 million records exposed last year alone, according to a new study by the nonprofit Online Trust Alliance. However, some 97 percent of those investigated would not have taken place if the organization responsible for protecting the data that ended up being exposed had adopted industry standard best practices for safeguarding it, including having internal controls. In all, only 26 percent of breaches examined were the result of either internal threats by knowing employees or accidental exposure.
"Organizations of all sizes and in both the public and private sectors have an obligation to make privacy and data protection part of their value proposition," said Craig Spiezle, executive director and president for the Online Trust Alliance. "Being stewards of data and having a comprehensive data breach plan is the responsibility of every executive, who otherwise puts consumers, employees, companies and shareholders at an unacceptable risk."
There is also financial incentive for businesses to adopt these best practices, with the most obvious being the cost of mitigation following such an incident, the report said. Last year alone, organizations that suffered data breaches paid some $8 billion to cover associated costs. Of course, it's not just businesses that were hit by these incidents, the report said. In all, 43 percent of these breaches affected non-business organizations.
One of the biggest problems that can cause these incidents is that many workers are now storing sensitive private data on personal devices they bring with them to and from work, significantly increasing the chances of exposure in the real world, the report said. As such, more controls likely have to be put in place to make sure this data is properly protected.
The IDentity Theft 911 blog has a wealth of information about the ways in which data breaches can affect both consumers and organizations, including what can be done to prevent these incidents, and how to better protect victims in the wake of them.
