A headline caught my eye in the latest edition of SC Magazine. Evidently,
the UK has been named and shamed as Europe’s worst country for data breaches.
It
may be a catchy headline, but it belies the facts. The article focused on a
report published by Gemalto, drawing attention to significant data breaches
during 2014. It focused on 1541 breach reports that, in total, affected over 1
billion records.
The
article’s headline simply referred to a statistic, buried away on page 7,
indicating that in terms of the number of separate incidents reported, there
were more reports from UK organisations (117) than from any other country in
Europe. Germany, for example, reported 7 incidents. The French had 9 incidents,
the Italians 3 and Poles only 2. Nobody was shamed. Not even the countries that
reported hardly any incidents.
Need
I say more?
I
think it would be more helpful just to highlight the point that British
organisations were more likely to report data breaches to the researchers than
organisations in other European countries.
So
what lessons can we learn from this report?
Very
few, actually – as its so hard to accept that the raw breach reporting data is
credible. It was collected from “pubic
sources” – whatever those were. While it makes great reading if you’re after a
few horror stories to use in presentations that seek to justify additional
expenditure on encryption and control access for users, the document doesn’t
purport to be an authoritative study on the breaches that are currently being
experienced.
Indeed,
Gemalto helpfully emphasises that it “makes no representations or warranties
regarding this information and is not liable for any use you make of it.”
But
don’t let that disclaimer put you off reading it.
Just
take the headlines from the IT security press that purport to report on the
document with a healthy dose of scepticism.
Sources:
http://www.scmagazineuk.com/uk-named-and-shamed-as-europes-worst-country-for-data-breaches/article/397968/
http://breachlevelindex.com/pdf/Breach-Level-Index-Annual-Report-2014.pdf
.
Posts
