As an unsavory group, the combination of phishing, hacking and malware together were the number one cause of data security "incidents" at 31%.
That is according to the latest (second annual) Data Security Incident Response Report from BakerHostetler based on over 300 such incidents the law firm helped manage.
The rest of the top five in order were employee actions/mistakes (24%), external theft (17%), vendor-related incidents (14%), and internal theft (8%). Just outside the top five at 6% was improper disposal.
The study found that the average time between a breach and detection was over two months (69 days) and in at least one case well over a year.
In 24% of the cases a regulatory inquiry resulted from the breach, and litigation occured in 6%.
More than half of the breaches (52%) were self-detected.