Verizon Business conducted a study that spans four years of security breaches and over 500 forensic investigations, and includes 3 of the 5 largest breaches ever reported.
According to the resulting data, 9 out of 10 security breaches could have been prevented. Seventy-five percent of breaches are discovered by third parties and not the company suffering the breach. Furthermore, the vast majority of breaches are perpetrated by company outsiders.
Verizon also reports that, amazingly, patches were available for 90 percent of the vulnerabilities exploited and those patches were available for at least 6 months prior to the breach.
Two other interesting points from the study: in 66 percent of the cases, companies had no idea the breached data existed in their systems, and in 82 percent of the cases, indicators were available that could have clued a company in that someone was trying to break in.
Verizon's 29-page report, "2008 Data Breach Investigations Report," is available online in PDF format.