The ITRC, a nonprofit group that traces data breaches and helps its victims, in its 2009 report “Data Breaches: The Insanity Continues” reveals hard-to-get stats on the current state of data breaches.

But as they admit, since there is no national standard for reporting such events, their data consists only of confirmed incidents –- there is little doubt that there are far more unreported breaches.

Among the findings:

1. Businesses account for 41% of the breaches.
2. The lowest rate of breaches is in medicine and financial sectors, due to stricter regulation.
3. Only in 2% of the breaches reported was any serious security measure (such as encryption) in place.
4. Hacking is the leading cause of data breaches for the first time in the survey, at 19%. Insider theft is next at 15%, together making up a higher total than human error.

The biggest worries according to the report: Very little encryption is in use in spite of the pervasiveness of the problem, and there are few enforceable laws that mandate the protection of data and the notification of those whose data has been violated.