In my executive lunch meetings I often quote statistics from previous years showing exponential growth in the numbers of records compromised, people exposed, etc.  The most recent data suggests that about 2/3 of US citizens have had records exposed.  If you’ve seen this presentation you may recall the 2005 IDTheftcenter.com data showing 134 companies reporting ID theft oriented breaches…growing to about 303 the next year.  2008 Data is now out with the following additional sound bites:

• 656 Data breaches reported, up from 446 in 2007 (a 47% increase).
• 30% of these include insiders, but remember that many of these insider hacks cooperate with outside organized crime syndicates.
• 65% of these breaches target data at rest – database attacks etc.
• 37 Million Records were breached this year – no report on number of victims. 
• (All from SC Magazine – http://www.scmagazineus.com/Data-breaches-rose-dramatically-during-2008/article/123606/?DCMP=EMC-SCUS_Newswire )

Despite increases in security spending, education, and advancements in security technology, the bad guys are still outpacing efforts to secure data.  In many cases it’s the approach that is wrong.  Companies don’t understand digital assets, are not taking the proper steps to secure data by using a balance of Protection, Detection, and Response, and in general have centralized security decisions at the IT level, leaving data users out of the equation.   For more insights on how to sell into this environment I recommend reading or rereading The House & the Cloud, one of the only books out there on how to sell security solutions.