The Value of Corporate Secrets study, carried out on behalf of RSA and Microsoft, surveyed 305 IT security decision makers and found that, although many protect against data theft, few resources are devoted to protecting secret trade and company information.

The report by Forrester Consulting found that whist 90% of companies comply with data laws, breach regulations and security policies but then weight them against “custodial data”, when they should be protecting internal company secrets.

“Companies are spending money to protect customer, medical and payment card information, as they should, but more emphasis needs to be placed on protecting the intellectual property and data that has intrinsic value to an organisation, ” said Sam Curry, chief technology officer for marketing at RSA.

“The loss of intellectual property can cause long-term competitive harm to an organisation. The recent and highly sophisticated attacks targeting intellectual property at large multinational companies are examples of this type of loss.”

The survey also found that the majority of companies tend to focus primarily on protecting against accidental loss, neglecting potential internal threats, such as employees, contractors and “trusted outsiders”. It was claimed that internal data breaches can be up to ten times costlier than accidental loss.

“Insider risk is a real and growing threat, and the modern enterprise environment of collaboration with a variety of outside parties creates more opportunities for leakage and theft,” said John Chirapurath, senior director of the Identity and Security Business group at Microsoft.

“This data illustrates that the more a company has to lose in terms of information value, the more criminal activity it will face.”

Identity thieves, who claim to have stolen the details of 21 million German bank accounts, were offering the data for a total of €12m (US$15.3m) according to WirtschaftsWoche magazine.

Reporters for the publication claim to have met two individuals involved in the security scam at a face-to-face meeting in Hamburg who offered them a CD-ROM containing the names, addresses, phone numbers, birthdays, account numbers and bank routing numbers of 1.2 million accounts. The journalists were posing as interested buyers working for a gambling operation.

“We took away with us the first delivery, a CD with 1.2 million accounts, that we couldn’t imagine,” said one of the editors involved in the investigation. “In the worst case, three out of four German households would have to be afraid that some money could be taken from their checking account without their authorisation, and perhaps even without their realising it,” the magazine stated.

It’s Germany’s second mega heist of personal information in as many months. In October, T-Mobile admitted losing records belonging to 17 million customers that included their names, addresses, dates of birth, phone numbers, and email addresses.

Peter Schaar, a government official in charge of protecting personal data, said the WirtschaftsWoche report should serve as a “wake-up call”.