Interesting to also note, most of the data breaches, 70%, where detected by third party vendors. So, with such a small percentage of detections, when companies dont use a third party vendor, one must wonder why companies try to safeguard their data without some form of assistance. As noted by Dwayne Melancon, vice president of strategy for Tripwire, companies have so much data that understanding just what to pay attention to can get very difficult. And putting the nail in the coffin, as noted by Phil Neray, vice president of security strategy at IBMs Guardium, too many of these organizations waste resources trying to build some form of compliance and reporting tools internally with scripts, native logging, triggers, etc. that are ineffective because they are usually not real-time or miss something from the massive amounts of transactional information in todays corporate environments.
The report from Trustwave shows that only 9% of data breaches in 2009 were noticed.