Report: Lost Documents, Portable Memory Devices To Blame For Majority Of Data Breaches

Nearly two-thirds surveyed suffered data breaches according to HCCA, SCCE survey

January 28, 2013

2 Min Read


MINNEAPOLIS, Jan. 28, 2013 /PRNewswire-USNewswire/ -- Lost paper files and portable memory devices account for 65 percent of data breaches according to "Data Breach Incidents & Responses," a just released survey conducted by the Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA). The compliance and ethics department, according to 69 percent of respondents, led the remediation effort following the last data breach.

"Once again we find that an overwhelming number of data breaches are caused by employees' poor handling of paper and devices. If we put as much effort into our internal compliance program as we do in technical security we would be more effective at preventing data breaches," said SCCE and HCCA Chief Executive Officer Roy Snell.

Additional findings

The survey also found that more than half of respondents reported that their organization suffered a data breach the previous year. Although 59 percent is a significant percentage of the respondents, what is perhaps more surprising is that more than 37 percent of these organizations experienced multiple breach incidents.

Rank and file employees were most often responsible for breaches, while just 11 percent of respondents indicated their last breach was the result of hacktivists. Breaches were most often reported by employees other than IT (47 percent), while customer notification accounted for 15 percent. It is good news that apparently employees are willing to come forward; business should continue to encourage this behavior.

Fifty-nine percent of survey respondents reported the costs attributed to resolving their last breach was less than $50,000. The numbers in the research only reflect hard costs and don't take into account lost business or brand value due to customer or partner mistrust or negative publicity.

This survey was conducted in the last quarter of 2012 with 450 compliance and ethics professionals from a wide range of industries and private and public companies as well as non-profit organizations. Use the following links to access the complete survey:



About SCCE and HCCA

The Society of Corporate Compliance and Ethics (SCCE) and the Health Care Compliance Association (HCCA), headquartered in Minneapolis, Minn., are non-profit professional member associations that serve more than 10,000 compliance and ethics professionals globally. The associations provide resources and training to compliance professionals, including those specialized in health care, and champion ethical practices and compliance standards.

Visit SCCE's website at or HCCA's website at for more information.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights