February 06, 2012, 3:03 PM — Do you think data breaches are up or down in 2011 compared to 2007 or 2008? The official answer may surprise you. According to DatalossDB and the 2011 Data Breach Investigations Report [PDF link] by Verizon, the number of records compromised per year has been decreasing since its 2008 peak. But these reports are missing something very important. It all comes down to what is reported. Last year I met with more than 450 CIOs and CSOs, and almost all of them said that incidents are way up. New breaches are constantly making headlines, so why is there a discrepancy between our perception and what these reports are finding?
Many industry reports focus on the never-ending stream of leaked or stolen personally identifiable information (PII). Most laws and industry standards, such as PCI DSS, also concentrate on PII. But there is something that could be more dangerous to lose than PII and that isn't getting enough attention in data breach reports--intellectual property (IP).
As records show, stealing PII (credit cards, social security numbers, and so on) used to be big business for cybercriminals. Then it started to get a bit harder for hackers to get PII because overall awareness increased as more regulations were passed and organizations started to invest in information security solutions. Verizon's Data Breach Investigations Report states, "Our leading hypothesis is that the successful identification, prosecution, and incarceration of the perpetrators of many of the largest breaches in recent history is having a positive effect." Researchers also suggested that there are fewer hackers and the threat they pose is losing prominence. I believe protection enforcement is a factor in the reduction of PII theft, but I don't believe there are fewer bad guys out there. In fact, quite the opposite: The threat has never been greater than it is now.
The next big thing is stealing IP, which includes product designs, secret formulas, and other trade knowledge. It's what organized cybercrime, state governments and hackers are all going after. Why? Mostly because of the value of the data. One stolen manufacturing process can be worth millions in saved development costs or billions in market share.
Not protecting IP is a huge mistake for companies and countries alike. Intellectual property is what makes modern nations competitive in the world economy. It fuels innovation and development, and it keeps you ahead of the competition.