Abstract
Data leakage is defined as the accidental or unintentional distribution of private or sensitive data to an unauthorized entity. Sensitive data in companies and organizations include intellectual property (IP), financial information, patient information, personal credit-card data, and other information depending on the business and the industry. Data leakage poses a serious issue for companies as the number of incidents and the cost to those experiencing them continue to increase. Data leakage is enhanced by the fact that transmitted data (both inbound and outbound), including emails, instant messaging, website forms, and file transfers among others, are largely unregulated and unmonitored on their way to their destinations. Furthermore, in many cases, sensitive data are shared among various stakeholders such as employees working from outside the organization’s premises (e.g., on laptops), business partners, and customers. This increases the risk that confidential information will fall into unauthorized hands. Whether caused by malicious intent or an inadvertent mistake by an insider or outsider, exposure of sensitive information can seriously hurt an organization. The potential damage and adverse consequences of a data leakage incident can be classified into two categories: direct and indirect losses. Direct losses refer to tangible damage that is easy to measure or to estimate quantitatively. Indirect losses, on the other hand, are much harder to quantify and have a much broader impact in terms of cost, place, and time [Bunker, 2009]. Direct losses include violations of regulations (such as those protecting customer privacy) resulting in fines, settlements or customer compensation fees; litigation involving lawsuits; loss of future sales; costs of investigation and remedial or restoration fees. Indirect losses include reduced share price as a result of negative publicity; damage to a company's goodwill and reputation; customer abandonment; and exposure of intellectual property (business plans, code, financial reports, and meeting agendas) to competitors.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Frost & Sullivan. 2008. World Data Leakage Prevention Market. Technical Report ND34D-74, Frost & Sullivan, United States.
Mogull, R. 2007. Understanding and Selecting a Data Loss Prevention Solution. Technical Report, SANS Institute, Securosis.
Phua, C. 2009. Protecting organizations from personal data breaches. Computer Fraud & Security, 2009(2), 13–18.
Author information
Authors and Affiliations
Rights and permissions
Copyright information
© 2012 The Author(s)
About this chapter
Cite this chapter
Shabtai, A., Elovici, Y., Rokach, L. (2012). Data Leakage. In: A Survey of Data Leakage Detection and Prevention Solutions. SpringerBriefs in Computer Science. Springer, Boston, MA. https://doi.org/10.1007/978-1-4614-2053-8_2
Download citation
DOI: https://doi.org/10.1007/978-1-4614-2053-8_2
Published:
Publisher Name: Springer, Boston, MA
Print ISBN: 978-1-4614-2052-1
Online ISBN: 978-1-4614-2053-8
eBook Packages: Computer ScienceComputer Science (R0)