Employees who abuse their access to sensitive company information were the scourge of cybersecurity experts in 2009, "a transformational year in the trenches" of cybersecurity, according to a new report issued by Verizon Business and the U.S. Secret Service.
The number of insider breaches jumped 28 percent from 2008 to comprise 49 percent of all compromises.
The problem was worse than expected, in part because the addition of Secret Service data shed more light on the issue.
The annual report culled more than 900 breaches that involved more than 900 million compromised records over the past six years. This year's report is the first collaboration between Verizon Business, an arm of the telecommunications giant, and the government organization.
Since nearly half of all breaches come from employees inside a company, the Secret Service recommends more discerning pre-employment screening and a greater separation of job duties for those handling sensitive company information.
Though the overall number of breaches in 2009 declined from the year prior, the report still found an overwhelming proportion -- 96 percent -- were avoidable through simple preventative measures like employee monitoring. About 85 percent of the attacks were described as not overly sophisticated.
Breaches were once again concentrated in three industries, with financial services, hospitality and retail accounting for 71 percent of them.
The report also found small organizations with 101 to 10,000 employees to be most vulnerable to attack; they were the victims of 49 percent of reported incidents.
The Secret Service found seemingly minor security violations are often indicative of a bigger problem, and suggested minor violations should be investigated for more serious abuse.
The Secret Service ended the 64-page report with a demographic description of today's typical hacker. It describes a globalized community that communicates online and rarely in person -- a far cry, the report said, from the "monolithic computer underground" seen in the Web's early days.
But this community also might not be as bright as in the past.
"Many online underground venues are populated largely by the young and the curious who are not hard-core criminals and whose capabilities and sophistication are as limited as their experience," the report states.