The 900-lawyer practice advised on 200 such cases last year. Healthcare was the most vulnerable sector, according to the firm's Data Security Incident Reponse Report. Gerald Ferguson said: 'While sophisticated software and monitoring/detection systems have become more widely adopted, our data suggests that many security breaches still result from low-tech missteps. Chief information security officers should combine general security awareness training with state-of-the-art data security architecture, to minimize vulnerabilities.' 

Four month time lapse

In just under two-thirds of cases (64%), the incidents were detected by the organisations in which they occurred On average, detection occurred 134 days - four and a half months - after the incident took place. Source: BakerHostetler