Saudi Arabia is expected to invest up to $ 400 million over the next five years in data loss prevention (DLP), encryption and endpoint security solutions, according to market research conducted by InfoWatch, a global IT solutions company with presence in Saudi Arabia.
Alexander Zarovsky, head of international business development in InfoWatch, said: “Confidential data protection and overall information security has become ever more important in the Kingdom. Joint research conducted with our local and regional partners, estimates that 80 percent of companies in the Kingdom operate without internal data security systems in place.”
Sectors most vulnerable to data security threats include government bodies and financial institutions, followed by the utilities, oil and gas, telecom, constructing and manufacturing industries.
During 2011-2012, uptake in the adoption of DLP solutions was highest across the financial institutions, government and telecom sectors, as the market continues to shifts from a resource-based economy toward manufacturing.
In the recent annual report on Worldwide Data Leaks reported by the press during 2012, and published by the InfoWatch Research Center, research suggested that more than 1.8 billion records were globally compromised in 2012, including those containing financial and personal data.
The press reported 934 confidential information leaks, a 16 percent increase compared with last year. Direct losses – those that were published in open sources – alone amounted to more than $ 37.8 million.
“It is important to realize that the financial losses reported by companies as a result of data losses are just a drop in the ocean compared with the real losses, which businesses bear on a daily basis,” said Zarovsky commenting on the results of the research.
“We recently observed an upward trend in media reporting of confidential data leaks, but there are grounds to believe that the number of ‘public’ incidents represents no more than 3–5 percent of the true number, and an even smaller number of companies indicate their financial losses. Taking account of all these factors, these tens of millions of dollars in losses turn into tens of billions — an enormous sum.”
The introduction of security tools has had an impact on the ratio of accidental to intentional leaks, since existing tools available on the market are more effective against accidental incidents than against intentional leaks.
According to the report, the percentage of accidental leaks has dropped; such leaks made up just 38 percent of incidents in 2012, while intentional leaks accounted for 46 percent. As before, the majority of leaks — 89.4 percent — involved personal data (this figure was 92.4 percent in 2011.
2012 was the year of leaks from government organizations. There has been a noticeable increase in the proportion of leaks, which emanated from government sources, demonstrating that the public sector is not paying sufficient attention to the issue. There is a second, still more obvious, cause — the mass use of mobile devices (smart phones, laptops, and tablets) — for which information security teams within government and municipal organizations around the world were clearly not prepared.
“According to InfoWatch analysts, last year government organizations became the ‘leaders’ in terms of the increase in confidential information leaks,” says Natalya Kaspersky, CEO of InfoWatch.
“This trend shows that the level of information security in the public sector remains insufficient. Government organizations must pay more attention to information security considering the fact that these organizations handle information of high national importance, such as government secrets, confidential strategic information, etc. There are also huge volumes of personal data circulating within these organizations.”
The annual study carried out by InfoWatch Research Center is based on the company’s own database, which was started in 2006 and includes only incidents reported in the media and other open sources. This is the first time the analysts have encountered a different picture in different industries.
Against the general background, banks, insurance companies, and telecom operators stand out; in these industries, the proportion of accidental leaks is steadily decreasing. With some slight reservations, this picture applies across the whole commercial sector.
Analysts link this to the growing popularity of information security tools and means of monitoring information flows.
In the near future, InfoWatch expects changes in the way that DLP systems are perceived and implemented both by vendors and clients.
As a result, the information security consulting sector will evolve, improving the information security culture of companies which use these systems.
Over the next 3 to 5 years there will obviously be a reduction in ‘typical’ incidents – accidental and ‘inexpensive’ intentional leaks.