Many attribute this data loss trend to the popularity of mobile devices such as flash drives, USB keys, laptops and PDAs. In recent years there has been an explosion of new - and sometimes cheaper - products hitting the market, and as their use becomes increasingly accepted in corporate spaces the risk level has also ascended.
"One of the things I think we can certainly attribute to that [data loss statistics] is the pervasiveness of these devices and the acceptance of their use within an organisation," Altiris systems engineer product manager, Chris Bowden, said. "If we look back traditionally at what companies were protecting themselves against, it was very much protecting against intrusion. So we were trying to stop the bad people from getting in.
"What we are really seeing is that a lot of those measures have been effective in doing that so it is obviously quite a mature market. What's now happening is that the data losses we are seeing are not necessarily from people outside of the organisation."
In fact, Bowden noted that even though malicious attacks are a persistent threat, the risk from within an organisation is just as great.
"The reality is that almost all companies have an internal risk of losing data via their own employees," he said.
Despite the fact these devices are becoming more and more common, there is little acknowledgement and understanding of the scope of the security problem in many organisations. SanDisk senior manager marketing enterprise division, Dror Todress, claimed there was a sizeable difference between management and employee perceptions as to the staff usage levels of unsecured USB flash drives; management think around 35 per cent, employees think about 70 per cent.
Data disaster?
From a privacy and financial perspective the troubling fact is corporations and government agencies have generally not maintained adequate policies and technologies to prevent data loss via mobile devices.
"We have always lost data, it's just because we now have it in electronic form you can lose a lot more of it a lot more easily," Ovum senior analyst, Mike Davis, said.
"On top of that, while people might go on about the malicious stuff ...most data is lost through pure ignorance or laziness. We don't respect the information we are holding.
"We fail to educate our staff about the value of the information that they are holding and don't necessarily have an ethos of 'we should look after that information and protect it'."
Davis pointed to the huge opportunity loss involved with any data loss as a compelling reason to implement stricter security policies and highlighted the impact of rumours on some leading UK banks.
"There are also issues about blackmail," he said. "One of things we don't know about data loss is how much is there. The larger organisations don't want to admit that they've lost information.
"But we can never prove that, unless you are one of the people who did it."
