KPMG: Malicious insider cyber attacks up five-fold

A fifth of reported data loss incidents in the first half of this year were malicious attacks from inside the organisation, according to research from KPMG. Its Data Loss Barometer, which considers lost and stolen information worldwide, suggests the threat from within has grown rapidly, rising from only four per cent of all incidents in 2007 to 20% in 2010.

According to the report, 23 million people globally have been affected by data breaches involving the threat of a malicious insider since 2007.

Malcolm Marshall, head of the information security practice at KPMG in the UK, commented: “The recession may have played its part in driving up the increase in malicious insider data loss incidences, as data becomes an increasingly valuable commodity. But the alternative is that as organisations get wiser to the tactics of hackers, then criminals may be tempting staff to pass on valuable information – hence the massive growth in the insider threat.”

As well as the rapid growth in malicious insider incidents, the research found that hacking remains the biggest threat of data loss, with almost a quarter of a billion people affected by it since 2007. The lure of financial gain, corporate espionage and terrorism provide the main motivation behind hacking attacks.

These findings support the concerns of the UK government, which has identified cyber war as one of the key threats facing the UK’s critical infrastructure.

The research also found that in the first six months of this year, just over a quarter of all reported incidents were in the healthcare sector, with almost four million people affected. Healthcare’s share of the number of incidents doubled from 12% in 2009 to 25% in 2010.

This global trend echoes concerns raised by the ICO, which earlier this year stated that the NHS has reported the highest number of serious data breaches since 2007.

The healthcare sector is closely followed by government, which accounted for a fifth of all incidents this year, according to the report. Within government, nearly 40% of incidents involved a third party.

In terms of the number of people affected, financial services continues to be the worst affected sector, accounting for a third of the total number of records that were lost or stolen since 2007. The retail industry (31%) comes in at second place, where access to the details of credit and store cards continues to be a security risk.

“2011 and beyond will undoubtedly see the data theft threat continue to grow – Stuxnet is seen as the first ‘weaponised’ cyber-attack and it has upped the game in terms of the level of sophistication. It will only be a matter of time before similar techniques are developed by criminal gangs. The likely result is broader ‘general’ security breaches and increasingly large direct financial losses,” Marshall adds. “The fear of tougher sanctions, regulatory developments and negative publicity appears to have increased the awareness of the need to protect vital information. But as ‘cyber wars’ begin to take hold as a threat, and criminals constantly seek new ways of infiltrating systems, businesses and individuals alike need to ensure the security of their data is given utmost priority.”
