According to a new Symantec survey, 58-percent of Australian and New Zealand (ANZ) small and mid-sized businesses (SMBs) have experienced information security breaches. Information security breaches include instances where data is lost, stolen, or hacked because there isn’t adequate protection in place, like data encryption software.
Of those who answered the survey, 45-percent had experienced the loss of laptops or other portable devices, either due to misplacement or theft. The breach rate of 58-percent compares negatively with a global average of 41-percent. The US and Canada, on the other side of the spectrum, have rates of 29-percent and 27-percent, respectively, half of what ANZ experiences.
According to a Symantec representative, the difference may lie in the lack of data breach disclosure laws. The reasoning is, essentially, out of sight, out of mind: since there is no disclosure, people don’t pay as much attention to data security. The US and Canada, on the other hand, do have such laws (well, at least for most states in the U.S. Canada has a national law, if I’m not wrong.)
That’s an interesting note to make. It was debated not too long ago whether data breach notifications “work.” I think the overall conclusion was that, yes, breach notifications do work, but their effect is limited and it’s not the best way to approach the curtailment of information security breaches. The above results would indicate otherwise, a net 50-percent decrease in data breaches due to the adoption of disclosure laws.
There is the problem of accounting for differences in culture and other legislation, though, so it’s debatable. I mean, it could be that citizens in the ANZ are more open to admitting to problems, and hence the “higher” data breach incident rates. Or, perhaps their counterparts in North America are not tracking breach instances as assiduously as ANZ, and hence the disparity. (Not that I’m suggesting that ANZ does a better job or are more honest…it’s just that the numbers work out that way if I’m going to make an argument.)
Regardless of what may account for the difference, it looks like the reasons for not engaging in better data security is the same: budget issues and lack of personnel with the appropriate skills.
For example, the use of hard disk encryption can be slightly complicated, since it requires the effective management of encryption keys. Lose these keys, and you’ll gain access to your data again. However, such complications can be resolved by using managed encryption software like AlertBoot. Encryption services companies like AlertBoot ensure that deployment of encryption software is as easy as possible, and takes care of the complexities involved.