When asked to explain the nature of these "non-cyber" incidents, Gregory C. Wilshusen, Director, Information Security Issues for the GAO, told THE WEEKLY STANDARD [emphasis added]:
The non-cyber incidents are those pertaining to the spillage or mishandling of personally identifiable information which involve hard copies or printed material as opposed to digital records. While my statement focused on cyber threats, it also touched upon data breaches which can be effected through cyber and non-cyber means.
The GAO report indicated that in 2006, the total number of "information security incidents reported by federal agencies" (cyber and non-cyber) was 5,503. (The breakdown of cyber versus non-cyber for 2006 was not available.) But even using these figures, the number of non-cyber incidents alone in 2014 (16,879) is more than three times the total number of security incidents in 2006.
Although cyber incidents have the potential to do widespread damage due to the nature of computer-based crime, the rapid increase in paper-based incidents involving personally identifiable information is worrisome as well. As bureaucrats and policy makers focus on high-tech mischief and crime, a growing number of criminals appear to be content to steal information the old-fashioned way.
Note: A version of this post first appeared at The Weekly Standard.