[Voptalk] Hackers Get a Bum Rap for Corporate America's Digital Delinquency

[Peter Thermos]

FYI...

University of Washington communications professor Phil Howard conducted a
review of data-breach incidents reported in major U.S. news outlets between
1980 and 2006 and found that organizational flaws in businesses, not
hackers, should receive the most blame. "The surprising part is how much of
those violations are organizationally prompted--they're not about lone wolf
hackers doing their thing with malicious intent," Howard says. His study
revealed that malicious intrusions represent only 31 percent of 550
confirmed incidents, while mismanagement, such as missing or stolen
hardware, insider abuse or theft, administrative errors, or accidental
exposure of data online was responsible for 60 percent of the incidents
reported. State laws that require companies to report breaches enabled the
study to be done with greater accuracy. "We've actually been able to get a
much better snapshot of the spectrum of privacy violations," says Howard.
The study also found that while universities make up less than 1 percent of
the total records lost, they make up 30 percent of the reported incidents.
Corporate America claims that market forces should be allowed to solve the
problem of data breaches and reporting them, but Howard believes that this
strategy is not sufficient, especially since identity theft is the nation's
fastest growing crime. He also believes that states seem more capable of
passing laws on the matter than the federal government.

http://uwnews.washington.edu/ni/article.asp?articleID=31264

Peter