Data theft: What really accounts for it

A new survey blames lost data on negligent insiders, outsourcing, and malicious employees.

Michael Horowitz
Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.


If you work in a corporation, then you might be interested in a blog posting by Joel Hruska over at Ars Technica that reviews a report by Compuware on how and why corporations lose data.


Compuware surveyed 1,112 "IT practitioners" and found that only 1 percent of data losses could be attributed to hackers.

The other 99 percent? Mostly negligent insiders. The next biggest sources of trouble were outsourcing and malicious employees.

Asked about their employer's ability to monitor and detect information theft, most of those surveyed said their employers did a poor job.

If you like to cut to the chase, here is Hruska's conclusion:

The report ultimately suggests that the vast majority of companies have security models that are semifunctional at best. Accountability is a hit-or-miss affair, confidence in the system as a whole is minimal, and the flaws that contribute to data breaches aren't confined to any single level of an organization.


See a summary of all my Defensive Computing postings.