I was playing with the site PrivacyRights.org today. This is a tremendous site where you can get valuable statistics on data breaches and compromised records. Privacy Rights collects information on all publicly available breach data, then create a simple interface where you can query that data. I did that today, with an emphasis on the human element. What I found really surprised me, humans result in far more breaches then you think.
- I selected all the types of breaches that were human related. Specifically unintended disclosure, insider threat, and lost, stolen or discarded data (Physical, Portable and Stationary). The number of records breached for 2012? 11.4 million.
- Then I reversed it and selected the three not specific to humans, specifically hacking, payment card fraud and unknown. The number of records breached? 16 million.
When you look at statistics like this, I hope people begin to realize that until we go beyond just technology and start investing in people, the bad guys will continue to have it easy.