According to the Business Continuity Institute’s (BCI) inaugural Information Security Report, 15% of organisations “lost sensitive data” in the last 12 months. Indeed the actual figure could be higher, as a further 15% don’t know if they did or didn’t. Whatever the precise figure, it is broadly in line with a report from IBM in 2016 which estimated a 13% annual chance of “a material data breach involving 10 000 lost or stolen records”. Other research has found the likelihood of a data breach was about 14% for a organisation with 10 000 employees in 2015, and had been reasonably stable at that level for the last few years. So everybody seems to be in rough agreement that it’s a serious problem.
Another interesting finding from the BCI report was that “human error” was the most frequent cause of loss of sensitive data. Once again, this is very consistent with other reports, such as those from the Information Commissioner’s Office which, for the last two years has found “Data posted, faxed or emailed to incorrect recipient” to be the most frequent cause of data breaches. The key to improving information security lies in effective policies, processes and training: follow the link to see how we can help with this.