Data Loss Incidents Rise With An Increase In Sophistication And Variety Of Attacks, Says KPMG

Mobile devices will continue to cause more opportunities for data loss in 2013

Feb 26, 2013, 11:19 ET from KPMG LLP

NEW YORK, Feb. 26, 2013 /PRNewswire/ -- Recent incidents of corporate data loss hit the highest levels since 2008 as companies work to improve data security strategies against a greater variety of more sophisticated IT attacks that can pose severe enterprise and reputational risks, says a new report from KPMG International.

Data loss attacks affected more than one billion people in the last five years and more than 60 percent of those incidents were the result of hacking, says The Data Loss Barometer report from KPMG that analyzed incidents since 2005 across industries, types of data loss and global regions.

"Instead of a company staying ahead of aggressive breaches in data systems, the threat of severe data loss is getting ahead of the current security, which is a dangerous trend," said Greg Bell, a partner at KPMG LLP, the U.S. audit, tax and advisory firm, and KPMG's Global and Americas Service Leader for Information Protection. "We found that to be especially true in the government, education and technology sectors, which experienced the most incidents in the past five years."

According to the report, data loss threats have risen substantially with the use of mobile devices for business purposes and personally identifiable information continues to be the top data loss type.  Industries such as health care and professional services, which maintain the largest databases of personal information, saw 18.5 million people affected by PC theft, which accounted for one-third of all data loss incidents in those sectors for the first half of 2012.

"Hard drives continue to be the number one target for portable media data loss, but we have seen a big increase in incidents around DVDs and CDs, as well," said Bell. "The volume of company data stored on personal and mobile devices needs to be a major consideration when devising a comprehensive security plan."

Depending on the type of data loss, an incident can be a major risk to a company's revenue or reputation.  Senior management and boards are now challenged to weigh the threat of exposure according to which data loss could be more impactful to the company and employ security measures as appropriate, according to the report's findings.

"If a laptop with a formula for a new cancer drug is stolen, it could have the potential for a billion dollar loss to a company's future revenue; but if a laptop is lost with health records for two million patients, that could be a reputational mark from which they can't recover," said Bell. "Executives and boards need to be a part of the discussion around the most effective way to protect this information from all types of loss because it could mean unrecoverable damage to a firm."

Additional findings in the KPMG report included:

  • Government, healthcare, education, financial services and retail comprised the top five worst performing sectors for data loss incidents in the last five years.
  • The insurance sector is the most at risk from social engineering and system/human error data loss.
  • More than 96 percent of data loss incidents in the media industry were attributed to hacking during the first half of 2012.


KPMG LLP, the audit, tax and advisory firm (, is the U.S. member firm of KPMG International Cooperative ("KPMG International.") KPMG International's member firms have 145,000 people, including more than 8,000 partners, in 152 countries.

About KPMG International

KPMG is a global network of professional firms providing Audit, Tax and Advisory services.  We operate in 152 countries and have 145,000 people working in member firms around the world.  The independent member firms of the KPMG network are affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity.  Each KPMG firm is a legally distinct and separate entity and describes itself as such.

Contact: Anayo Afolabi