2009 had but a fraction (less than 1 percent) of the records compromised compared to 2008. However, with the increase in the number of breaches that do not include the total number of records compromised, these are obviously skewed results.
It would seem (albeit without a full picture based on lack of complete disclosure) that the retail industry did remarkably well in 2009. More retail businesses were actively enforced by the payment card industry data security standards (PCI-DSS) in 2009 than ever before. Based on what is reported, one might conclude that those requirements are effective in reducing the overall number of breach incidents and records lost.
New laws and regulations regarding data security breaches and disclosure laws affect the way in which nearly all organizations do business in the United States. This study, by Perimeter CTO Kevin Prince, provides a review of the scope and impact of data security breaches in an effort to encourage proactive modification to risk mitigation technologies, policies, and procedures that reduce exposure to a data breach incident.
Here, Prince examines data breaches distributed across five verticals: finance, health care, retail, government and education. However, keep in mind that the data used to extrapolate the charts, graphs, and representations for this study is by its very nature misleading.