Data Breach Stats Have Experts Puzzled

According to a recent report, the number of records compromised by data breaches fell dramatically in 2010. While that makes for welcome news, the number of actual breaches was much, much higher last year than in 2009.

The figures come from Verizon's business department, which carries out investigations into security breaches as a commercial service.

Unlike its figures for 2009, the company included details of some cases provided by the US Secret Service for the first time in 2010. That makes a direct comparison very tricky, though it turns out the overall trends are clear.

Three Times More Data Breaches Than Previous Year

According to Verizon's figures, it dealt with 141 breaches in 2009, whereas the 2010 figures cover 760 breaches.

Of those 760, 257 came from the Secret Service, so a fairer comparison might be 141 to 503 -- more than a three-fold rise in 1 year's time. How representative those numbers are depends on whether Verizon is doing a better or worse job of winning security business, but it certainly suggests an overall rise in breaches. (Source: verizonbusiness.com)

The Verizon figures also have it that across the 760 breaches in its data set, a total of four million records were compromised. That compares with 144 million in 2009. One theory is that the 2009 figures may include breaches at major credit card processing firms, which put at risk the details of millions of customers.

Multiple Explanations For Dramatic Change

However accurate and representative the figures are, the trend is that there are more breaches, but with fewer records affected. There are three main theories why this might be the case.

Firstly, there could be a trend towards more opportunistic data breaches, such as those carried out by criminals looking to intercept data sent via wireless payment terminals at gas stations or hotels.

Secondly, hackers may be doing a better job of getting inside a company's network, but not doing as good a job of finding the data they are looking for. (Source: networkworld.com)

Finally -- and this theory is backed up by previous reports -- it may be that criminals find it more lucrative to carry out corporate espionage, such as stealing trade secrets or upcoming product plans, rather than simply going for personal financial data, such as credit card details.