Most Data Breaches Caused by Human Error, System Glitches
Companies can significantly decrease the cost of data breaches by teaching employees not to cut corners and by adopting a strong security posture and an incident response plan.
Mon, June 17, 2013
CIO — When it comes to data breaches, hackers and organized crime garner most of the headlines, but most data breaches are caused by human errors and system glitches—application failures, inadvertent data dumps, logic errors in data transfer and more. As a result, educating your employees and making sure they're not cutting corners is a big component in preventing data breaches.
"While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious," says Larry Ponemon, chairman and founder of security research think tank the Ponemon Institute. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22 percent since the first survey."
Education Is Key to Reducing Data Breaches
"The key to reducing data breaches for the vast majority of reasons is really to educate employees," says Robert Hamilton, director of product marketing at Symantec. "You can do it in two ways: through general awareness security training and by deploying technology like data loss prevention technology. We actually classify that as employee education, but you're doing it in real time. It's not blocking data from moving somewhere, it's actually educating the employees."
Implementing a strong security posture and incident response plan, as well as appointing a chief information security officer (CISO), also reduces the costs of data breaches by about 20 percent.
"Given organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear," says Anil Chakravarthy, executive vice president of the Information Security Group at Symantec. "Companies must protect their customers' sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center."
The Cost of Data Breaches on the Rise
The cost of those data breaches is on the rise. The Symantec-Ponemon study found that the global average cost of a data breach rose from $130 per compromised record in 2011 to $136 per compromised record in 2012.
The Ponemon Institute has conducted this benchmark study for eight years using the activity-based costing model developed by Harvard University Professor Robert S. Kaplan. Ponemon says the model starts with the detection or study of a data breach incident and takes into account forensic and investigative activities, incident response, notification, legal, consulting, outbound communication and call center activities, activities to maintain customer confidence and trust, direct churn, secondary churn and increased customer acquisition costs.