Does Organizational Size Determine Data Breach Frequency?

The table discussed in this post is found on page 11 of the Verizon 2010 Data Breach Investigations Report.

According to the table, the highest percentage of data breaches occurs in to 1,001 to 10,000 employee firm. The report makes a key point of noting that it’s possible and logical that organizational size has little affect on the possibility of suffering a data breach. The probability of a breach is more correlated with the value of information in a firm rather than the number of employees. Surprisingly, firms with over 100,000 employees have the lowest percentage of data breaches. I infer that these massive corporations put an incredible amount of resources into data loss prevention, maintenance and corporate technology policies that drive the low data breach rates. Similarly, a smaller, 1-10 employee firm with little valuable data does not have the need or resources for an expensive data loss prevention strategy. The conclusion is, as the report states, the size of the organization has a minor impact on the rate of data breaches. The real driver of data leakage is the type of information stored within the network. If your organization has valuable information, it is prudent to develop a secure Data Loss Prevention Strategy.

Verizon 2010 Data Breach Investigations Report Discussion

 Verizon 2010 Data Breach Report PDF


The 2010 Data Breach Investigations Report is an analysis of data from actual breach cases worked on by Verizon and the US Secret Service. The results of the report should be required reading for all IT professionals as well as anyone interested in the current state of corporate data breaches, IT security and cyber-crime.

The 2010 dataset includes 141 breach cases worked in 2009 by Verizon and the US Secret Service. The amount of data records compromised in these studies is over 143 million. The sheer amount of data provides a solid set for analysis.
Over the next few weeks, in related posts, we will discuss some of reports main points.

Demographics of Data Breaches

Out of the 141 confirmed cases, the top three industries, based on breach incidents, are Financial Services, Hospitality and Retail. Not surprisingly, 94% of all compromised records were attributed to Financial Services. It is concluded that the financial service industry has the highest value information and also the largest volume of high value information. The Hospitality and Retail industries are increasing targets because of their Point of Sale systems and consumers reliance on payment cards. The number of breaches for the Hospitality and Retail industry will only increase as more electronic data is transacted and stored. It is up to these industries to adopt more stringent protection policies of their customer’s data.

Geographically, the U.S. has the highest reported incidences of data breaches. It is not surprising given the vast amount of international and domestic financial transactions taking place daily in the U.S. The authors of the report also highlight a key reason for the reported U.S. cases:

“The reason we hear more about data beaches in the U.S. stems from mandatory disclosure laws. Outside the U.S. breach disclosure differs significantly. Some countries are still silent on the matter, others encourage it but don’t require, and some even discourage disclosure. (9)"

The report notes that in the past two years the international caseload has increased consistently in Asian-Pacific and Western-European countries.

U.S. businesses are responsible for large amounts of confidential information. As the report points out, much data breach risk can be removed by establishing usage policies that are pro-active and constantly maintained. This requires constant support by each person in the organization, as a chain is only as strong as its weakest link.

All information sourced from  Verizon 2010 Data Breach Report PDF

Website Redesign Completed with Test Drive Function!

We are excited to announce the completion of our website redesign. We added some major features in order to better showcase the power of NetSentry Live. Our favorite addition is the ability to “Test Drive” NetSentry Live without an install, directly from our home page. It runs through a browser and you have full access to all functions of the retail software. This is an incredible opportunity to discover NetSentry Live without committing to a trial.

The potential of the program is limitless, but at first it might seem overwhelming. We recommend you start by downloading a few chat, email or web traffic logs. NetSentry Live is a workhorse and fully reconstructs all packets into original content, as the user viewed it. Whether it is a confidential document, internet video, illicit image or FTP transfer, everything is visible to NetSentry Live.

After downloading logs, move onto the alerts and reports tab where the real results can be seen. Alerts are invaluable spies on your network, constantly watching for keywords, file names, extensions or specific user activity. For a company worried about network activity on any level, the combination of alerts and reports creates a powerful virtual IT department. But don’t just take our word for it. Visit http://www.netsentry.us/trial/test-drive.html and follow the directions to explore this productivity enhancing, cost cutting tool.

We already know how powerful NetSentry Live is and we want to share its power with you. After test driving the product we invite you to watch the video with our Chief Forensics Examiner, Larry Daniels and finally download the full licensed trial version of our software. The download can be completed directly from our home page.

Information Security Interview with Chief Forensics Examiner, Larry Daniel