Personally identifiable data most frequently exposed to breaches: Study

Personally identifiable information is the most frequently exposed data, accounting for 28.7% of breaches, according to a study of insurance claims.

Released Thursday, “NetDiligence 2013 Cyber Liability & Data Breach Insurance Claims, A Study of Actual Claim Payouts” examined 145 data breach insurance claims, 140 of which involved the exposure of sensitive data in a variety of sectors, including government, health care, hospitality, financial services, professional services and retail, according to author Mark Greisiger, president of Philadelphia-based Network Standard Co., which does business as NetDiligence.

Personally identifiable information was followed closely by personal health information, which accounted for 27.2% of breaches.

Among other study findings:

• Lost or stolen laptops and devices were the most frequent cause of loss, at 20.7% of the total, followed by hackers at 18.6%.

• Health care was the sector most frequently breached, accounting for 29.3% of the total, followed by financial services at 15%.

• Firms with capitalization of $300 million to $2 billion and those with less than $50 million experienced the most incidents, at 22.9% and 22.1%, respectively; companies with more than $100 billion in capital lost the most records at 45.6%.

• The median number of records lost was 1,000, and the average was 2.3 million per data breach incident.

The report was sponsored by Austin, Texas-based AllClear ID, an identity theft protection and data breach response company; Dayton, Ohio-based law firm Faruki Ireland & Cox P.L.L.; and San Francisco-based Kivu Consulting Inc.

Copies of the report are available here.