Why is this page text-only?

Data Security Statistics and Research

Federal Trade Commission Consumer Sentinel1 (2006)

  • Self-reported identity theft complaints from consumers rose almost 19% between 2003 and 2005 to more than 255,500, according to the Federal Trade Commission.
  • People older than 60 had the lowest rates of identity theft, making up 11% of the total.

Federal Trade Commission Consumer Sentinel2 (2005)

  • In 2004, the complaint database developed and maintained by the DTC received over 645,000 consumer fraud and identity theft complaints. And consumers reported losses from fraud of more than $547 million.

Federal Trade Commission Consumer Sentinel3 (2003)

  • 10 million Americans were victims of identity theft in 2002, the most updated numbers available, with a total cost impact of $50 billion annually. In addition, the fraudulent use of victims' personal information to obtain goods and services cost businesses and financial institutions $33 billion in 2002.

Ponemon Institute4 (2005)

  • Customer data compromises costs companies as much as $50 million. Direct costs incurred by a company alone average $5 million per incident.
  • On average, each record lost cost companies $140.

Javelin Strategy & Research5 (2006)

  • Estimates of the average fraud cost per victim rose to $6,383 in 2005 from $5,885 in 2004 and $5,246 in 2002. As such, the total cost of identity fraud, pegged at $56.6 billion 2005, has been holding fairly steady.
  • The average resolution time for resolving fraud cases has increased from 33 hours in 2003 to 40 hours in 2006

National Cyber Security Alliance6 (2006)

  • Although 57% of people who use social marketing sites admit to worrying about becoming a victim of cyber-crime, they are still divulging information that may put then at risk.
  • 74% of persons surveyed have given out some sort of personal information, such as their e-mail address, name and birthday.

 

Corporate/Organization Issues

Ponemon Institute7 (2005)

  • 81% of companies surveyed have experienced the loss of one or more laptops containing sensitive data over the past 12 months.
  • 64% of some 500 data-security pros surveyed admit that their companies have never performed an inventory to determine the location of customer or employee info.

CMO Council8 (2006)

  • 76% of marketing executives surveyed believe security breaches negatively impact the company brand. Yet 60% said that security has not become a significant theme in their company’s messaging and marketing communications.
  • Only 29% said their company has a crisis containment plan for security breaches and failures. Another 27% don’t even know if such a plan exits.
  • Over a third of consumers say they would strongly consider taking their business elsewhere if their personal information was compromised.

CIO Insight.com Annual Security Survey (September 2006)

  • Nearly half of large companies have been targeted for online data thefts, by perpetrators ranging from organized crime mobs to disgruntled former employees.
  • One company in six has lost equipment containing company data in the past year.
  • Employee negligence and software vulnerabilities are considered the most significant IT-security risks.

Javelin Strategy & Research9 (2005)

  • Security breaches at businesses accounted for 30% of 2005 identity-fraud cases, while 30% were the result of consumers' lost or stolen wallets and checkbooks; nefarious friends and family, 15%; stolen mail, 9%; and attacks and scams targeting home computers, 9%.

Visa/U.S. Chamber of Commerce (2006)

  • Nearly two-thirds (64%) of small businesses have made improvements to protect their customers' personal information, including credit and debit card data, in the past 12 months, and nearly a third (29%) have done so in the last 3 months.
  • Small retailers spend more resources preventing the theft of products and cash from their store (34%) than securing customers’ personal data (20%).

Deloitte Touche Tomatsu10 (2006)

  • The majority of technology, media and telecommunications (TMT) companies surveyed consider themselves reactive when it comes to investing in information security, and only 4% believe they are doing enough to address the problem.
  • Only 37% of the TMT companies provided security training to employees in the last 12 months.
  • While 74 % of TMT companies said that they expect to spend more time and money on improving security in 2006, the average budget increase among those companies was only 9 percent.
  • Only 63% of TMT companies have a dedicated, senior-level security officer; among technology companies the number is only 53%
  • More than two-thirds of life sciences companies have already appointed a Chief Security Officer, a three-fold increase over the past decade.

 

Internal Threats

Ponemon Institute11 (2006)

  • 78% of IT professionals in the United States say their companies have suffered unreported insider-related security breaches.

Javelin Strategy & Research9 (2005)

  • Security breaches at businesses accounted for 30% of 2005 identity-fraud cases, while 30% were the result of consumers' lost or stolen wallets and checkbooks; nefarious friends and family, 15%; stolen mail, 9%; and attacks and scams targeting home computers, 9%.

Deloitte Touche Tohmatsu (2006)
"2006 Global Security Survey" - whose respondents were major global financial institutions, including 31% of the top 50 global insurance companies.

  • 74% of respondents said they were either very confident or extremely confident in their ability to defend against external threats, an increase of 5% over 2005.
  • When it came to internal threats, however, only 41% were either very confident or extremely confident compared to 50% last year

Deloitte Touche Tohmatsu12 (2006)

  • Among the TMT companies whose security was breached in the last 12 months, half were attacked from inside the company.
  • 83% of the TMT companies surveyed are concerned about employee misconduct involving information systems.

1“Identity Theft Victim Complaint Data: Figures and Trends, January 1- December 31, 2005”, Federal Trade Commission and The Identity Theft Data Clearing House Consumer Sentinel, January 25,2006
2“National and State Trends in Fraud and Identity Theft, January – December 2004”, Federal Trade Commission, February 1, 2005
3“ID Theft Survey 2003”, Federal Trade Commission, September 2003
4“Lost Customer Information: What Does a Data Breach Cost Companies?”, Ponemon Institute, November 2005
5“2006 Fraud Survey Report”, Javelin Strategy & Research, January 2006
6“Social Networking Study”, National Cyber Security Alliance (NCSA), October 4, 2006
7“U.S. Survey: Confidential Data at Risk”, Ponemon Institute, August 15, 2005
8‘Secure The Trust of Your Brand”, CMO Council, 2006
9“Start-ups Offer Protection from Identity Theft”. Wall Street Journal, August 1, 2006.
10“Protecting Digital Assets. The 2006 Technology, Media and Telecommunications Security Survey”, Deloitte Touche Tomatsu, 2006
11“Latest Ponemon Institute Study Ties Lack of Awareness in Corner Office to Insider Threat Challenges”, Ponemon Institute, September 12, 2006 12“Protecting Digital Assets. The 2006 Technology, Media and Telecommunications Security Survey”, Deloitte Touche Tomatsu, 2006

Experts and Speakers

Kroll Fraud Solutions employs globally recognized experts with extraordinary knowledge of the many physical, procedural and electronic security gaps through which confidential data is breached, as well as the criminal landscape where stolen identities are bought, sold and used fraudulently.

learn more

Your Identity Is Your Business. Protecting It Is Ours.