Video Screencast Help
Scheduled Maintenance: Symantec Connect is scheduled to be down Saturday, April 19 from 10am to 2pm Pacific Standard Time (GMT: 5pm to 9pm) for server migration and upgrades.
Please accept our apologies in advance for any inconvenience this might cause.

Mistakes are costing companies millions from avoidable data breaches

Created: 05 Jun 2013 • Updated: 05 Jun 2013 • 2 comments
RobertHamilton's picture
0 0 Votes
Login to vote

SYM-Cost-of-a-Data-Breach-rev-G-2013-05-31_0.jpgLately not a day goes by without a major news story on cybercriminals, hacktivists, and spies.  These are generally viewed as the main threat actors behind the data breaches that we spend so much time -- and budget -- fighting. But what about Anne in Accounting, Sam in Sales and Paul in Production? While malicious attacks are certainly a significant problem and make for thrilling headlines, it’s mistakes made by people and systems that actually cause the majority of data breaches.

According to the 2013 Cost of a Data Breach study, negligence and system glitches together accounted for 64 percent of data breaches last year. These can include employees mishandling information, violations of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.

Insiders greatly contribute to data breaches. In fact, in the eight years since Symantec started tracking data breach costs with the Ponemon Institute, the insider threat leading to data breach has increased 22 percent. What’s even more concerning is these trusted insiders likely don’t know they’re doing something wrong. In related research, we found that 62 percent of employees think it is acceptable to transfer corporate data outside the company on personal devices and cloud services. And the majority never delete the data, leaving it vulnerable to data leaks.

These breaches caused by human error are significant. At $159 per compromised record in the United States ($117 globally), the mistakes made by trusted employees are costing enterprises a lot of money. While the cost of a data breach can vary widely because of the types of threats and data protection laws, the financial consequences are serious worldwide.

But this year’s report is not all bad news -- in the United States, the total cost per data breach was down slightly at $5.4 million. This suggests that organizations have made improvements in how they plan for and respond to data breach incidents. Certain factors can help organizations reduce the cost of a data breach such as having a strong security posture and an incident response plan, and appointing a CISO.

So what would a data breach cost your company? You can calculate an estimate of it yourself at www.databreachcalculator.com. This free tool from Symantec lets you connect the dots between all of this research by estimating how a data breach could impact your company.

While we struggle to keep cybercriminals out of our data center, we must not ignore the risk of data breach posed by people within our organizations.

The mistakes of our employees can be just as damaging as a breach caused by cybercriminals, hactivists and spies. Two-thirds of data breaches are right under our noses and more easily avoidable if we’d just pay attention to it. Symantec recommends the following best practices to prevent a data breach and reduce costs in the event of one:

  1. Educate employees and train them on how to handle confidential information.
  2. Use data loss prevention technology to find sensitive data and protect it from leaving your organization.
  3. Deploy encryption and strong authentication solutions.
  4. Prepare an incident response plan including proper steps for customer notification.

You can learn more about the Cost of a Data Breach study and download the global report and nine country reports for the United States, United Kingdom, France, Germany, Italy, India, Japan, Australia, and Brazil at http://bit.ly/10FjDik

Blog Entry Filed Under:

Comments 2 CommentsJump to latest comment

DDoS Protection's picture

Educating your employees is an ongoing process. They come and go. It requires focus and a good plan in place. It always has been a problem and it will continue to be. We have teach them to not use the same password for all their online services, to avoid running and installing untrusted softwares, to update their computer regularly and sensibilise them against fishing websites and emails.

I agree, news on cyber attacks are all over the web these days. 

ZEN Network Technologies relies on the most advanced DDoS protection technology available today, and is constantly setting the pace whenever new threats surface.

0
Login to vote
DomenicG's picture

Data breaches can be a pure disaster.. especially on my company's field of business. Preparing an incident response plan and proper steps for customers notification has been long, and I hope we wont have to use it.. Thanks for this interesting post. 

Domenic.

0
Login to vote