Lost and Stolen Assets

Please provide the information below to view the online Verizon Data Breach Investigations Report.

First Name: Last Name: E-mail: Organization: Organization type Country:

The information provided will be used in accordance with our terms set out in our Privacy Notice. Please confirm you have read and understood this Notice.

By submitting the form, you are agreeing to receive insights, reports and other information from Verizon and affiliated companies in accordance with our Privacy Policy. California residents can view our California Privacy Notice.

I confirm I have read and understood

Verizon may wish to contact you in the future concerning its products and/or services. If you would like to receive these communications from Verizon, indicate by selecting from the dropdown menu below. Please note that you can unsubscribe or update your preferences at any time.

Indicates a required field. The content access link will be emailed to you.

View only

Thank You.

Gracias.

You will soon receive an email with a link to confirm your access, or follow the link below.

Download this document

Gracias.

You may now close this message and continue to your article.

2024

Resumen

This year we saw an increase in the percentage of cases resulting in confirmed data breaches in this pattern.

What is the same?

Devices are still much more likely to be lost than stolen. Laptops continue to be a risk for loss in particular.

Frequency		199 incidents, 181 with confirmed data disclosure
Threat actors		Internal (88%), External (12%) (breaches)
Actor motives		Financial (92%–100%), Convenience/Espionage/Fear/Fun/Grudge/Ideology/Other/Secondary (0%–8% each) (breaches)
Data compromised		Personal (97%), Internal (42%), Bank (25%), Other (17%) (breaches)

Now where did I put that?

If you’ve ever been through the line at airport security where you had to remove your electronic devices, take off your shoes and throw away that bottle of water you weren’t finished with, all while masking the amount of anxiety you were feeling to avoid triggering an “enhanced security screening,” you know that it’s a stressful experience. It is little wonder items go missing while people are away from their usual environment and potentially distracted. Despite having wonderful data storage capabilities and an ever-smaller size, User Devices are the most likely to go missing—whether by ill will or inattention. Chief among them is the ubiquitous laptop, and we’ve seen an increase of those events this year after a brief downturn in 2022, as shown in Figure 53.

Data Breach Investigation Report figure 53

Data Breach Investigation Report figure 54

As we have seen consistently in our dataset, assets are vastly more likely to be lost than stolen. Figure 54 shows that this was not always the case. Until 2021, we saw more items stolen, but perhaps given the pandemic’s lessening of people out mingling, the theft opportunities were reduced. That said, we still see this trend despite most companies returning to a more traditional in-person work environment, so there could be something else at play here.

This year we saw a higher percentage of incidents involving Assets in this pattern causing confirmed data breaches as well, with last year showing about 8% confirmed breaches and this year showing a surprising 91%.

The important thing is to have protections on assets, where possible, that can stop a lost or stolen device from becoming a reportable data breach. Given the prevalence of this pattern, it seems that someone lost that memo.

CIS Controls for consideration

Protect data at rest

Data Protection [3]
– Encrypt Data on End-User Devices [3.6]
– Encrypt Data on Removable Media [3.9]

Secure Configuration of Enterprise Assets and Software [4]
– Enforce Automatic Device Lockout on Portable End-User Devices [4.10]
– Enforce Remote Wipe Capability on Portable End-User Devices [4.11]

Incident Classification - Denial of Service

Incident Classification - Privilege Misuse