InfoWatch, a company that offers data leakage protection solutions, released its Global Data Leakage report for the year 2014 that showed the banking and financial services industries at high risk for data leakage with over 40% of all volume of leaked personal data in 2014 originating from these verticals.
The report revealed that in 2014 alone, the banking and finance industry was involved in the leakage of 313 million personal data or 40.9 percent of the total personal data record leaks. These personal data leakage were attributed to 135 cases or close to 10 percent of the total number of cases data leakage reported over the year.
Although the healthcare segment recorded the highest number of data leakage cases – 352 cases, the personal data compromised were much lower in volume compared to the banking and finance industry – about 58 million or seven percent of the total record.
The InfoWatch Analytical Center based the report on 1,395 cases of confidential information leaks, as reported in the media and other open sources in 2014.
According to InfoWatch, over 767 million personal data were compromised, making up 92 percent of the type of information leaked, out of the 1,395 cases in 2014.
The report registered 14 mega-leaks, where each incident resulted in a leak of over 10 million personal data records. Analyst at InfoWatch attributed 89 percent of all compromised data to mega-leaks.
Information breach leads the type of data breach with 1,120 cases, followed by data fraud and exceeding access rights.
The way data is being leaked is also changing, according to the report.
While paper or hard copy has traditionally been the most common channel of data leakage since InfoWatch began reporting in 2004, the latest report shows that leaks via browsers or the cloud have overtaken hard copy leaks. In 2014, 448 cases or 35 percent of total data leakage were reported over browsers or the cloud. This a 28 percent increase from the total number of cases leaked via browser or the cloud in 2013.
According to Natalya Kaspersky (picture), CEO of InfoWatch Group of Companies and Co-Founder of Kaspersky Lab, data leakage is an old threat made new, more dangerous and more damaging due to current technology and the lack of data leakage prevention measures by organisations.
“Data leakage may soon overtake other threats when it comes to financial and reputation damage to organisations. For consumers, note that 92 percent of information leaked is personal data – so it is you and your personal information that is being put at risk when organisations do not take enough precautions to prevent leaks,” she explained.
“The way data is being leaked has moved from the traditional misappropriation of hard copies to channeling data out through browsers and the cloud. For organisations, while the cloud offers seamless services and convenience of storage and access, data in the cloud needs to be better protected against leaks. This is especially true for the banking and financial services industries, healthcare and government sectors. It is also where we can help,” she said.
While accidental and incidental data leakage are relatively on par with each other, the current trend shows 11 percent fall in intentional data leakage from the previous year. Data Leakage Prevention solutions can adequately handle accidental leaks, however preventing intentional leaks requires a significant consulting element during the development, integration, and support of systems, and particularly in investigating incidents which have occurred.
“Business owners and cloud users should start looking into the importance of data leakage prevention, as the current number of cases reported in the media has almost doubled within a mere 5-years span, compared to 747 total data leakage cases reported in 2009. A single date leak could result in billions in losses, and untold damage to reputation,” added the CEO.
Employees continues to be the main players in information leakage with involvement in more than half of the total cases, with one percent of total confidentiality breach backed by senior executives of organisations.
The United States ranked first in global data leakage with 906 cases, followed by Russia and the United Kingdom in second and third place, with 167 cases and 85 cases respectively.