A joint study conducted by Symantec Corp. and the Ponemon Institute has revealed that human errors and system problems are the cause of two-thirds of data breaches around the world, pushing the global average of the cost of data breaches to $136 per record.
The study, 2013 Cost of Data Breach Study: Global Analysis, shows that common causes of data breaches originating from within organizations included employee mishandling of confidential data, lack of system controls, and violations of industry and government regulations.
“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, chairman of the Ponemon Institute. “Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22 percent since the first survey.”
“Given organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear,” said Anil Chakravarthy, executive vice president of the Information Security Group at Symantec. “Companies must protect their customers’ sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center.”
The objective of the study was to take a macro-level view of data breaches to understand the costs involved for organizations, how these costs are changing, and to get a better picture of the differences between countries in terms of data breaches.
The study found that human errors and system glitches accounted for 64 percent of data breaches. This could include “a well meaning employee or someone who is just trying to do his job who accidentally sends out classified information through an email, or maybe a hidden column in a spreadsheet,” explained Linda Park, marketing manager at Symantec, while system glitches include “application failures, inadvertent data dumps, logic errors in data transfer, identity or authentication failures (wrongful access), data recovery failures, and more.”
Speaking about what security executives can do to minimize their exposure to data breaches, Parks felt that more work needs to be done around cyber security awareness and education, but this alone is not enough. “We recommend having security technologies in place to help you protect against any lost devices, people trying to get into your organization to steal that information, as well as well-meaning employees who are just trying to do their job. We specifically recommend data loss prevention technology, encryption, as well as education to help make sure the appropriate people have access to your information and systems and you can monitor as to what those people are doing within your network with your sensitive data,” she said.
Although Canadian organizations were not included in the 2013 survey, Symantec hopes to incorporate them into future studies.
Symantec has identified four best practices for organizations to prevent a data breach and reduce costs in case of one:
• Educate employees and train them on how to handle confidential information;
• Use data loss prevention technology to find sensitive data and protect it from leaving your organization;
• Deploy encryption and strong authentication solutions; and
• Prepare an incident response plan including proper steps for customer notification.
You can read the full study here: http://www.symantec.com/content/en/us/about/media/pdfs/b-cost-of-a-data-breach-global-report-2013.en-us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2013Jun_worldwide_CostofaDataBreach
