
Humans cause data breaches. Fact.

07 Jun 13

Human errors and system problems caused two-thirds of data breaches during 2012, with employee behaviour one of the most alarming issues facing companies today.

A recent study by Symantec and the Ponemon Institute claims issues included employee mishandling of confidential data, lack of system controls and violations of industry and government regulations.

Heavily regulated fields – including healthcare, finance and pharmaceutical – incurred breach costs 70% higher than other industries, according to the report.

“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” says Larry Ponemon, chairman, Ponemon Institute.

“Eight years of research on data breach costs has shown employee behaviour to be one of the most pressing issues facing organisations today, up 22% since the first survey.”

The findings claim the errors pushed the global average to $136 per record, with the study considering customer or consumer data (including payment transactional information), employee records, citizen, patient and student information as a data record.

The cost per record is the average cost per compromised data record of direct and indirect expenses incurred by the organisation.

“Given organisations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear,” says Anil Chakravarthy, executive vice president of the Information Security Group, Symantec.

“Companies must protect their customers’ sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data centre.”

Additional findings include:

• Average cost per data breach varies widely worldwide. Many of these differences are due to the types of threats that organisations face, as well as the data protection laws in the respective countries.

• Mistakes made by people and systems are the main causes of data breach.

Together, human errors and system problems account for 64% of data breaches in the global study, while prior research shows that 62% of employees think it is acceptable to transfer corporate data outside the company and the majority never delete the data, leaving it vulnerable to data leaks.

Symantec says this illustrates the large extent to which insiders contribute to data breaches and how costly that loss can be to organisations.

• Malicious and criminal attacks are the most costly everywhere. Consolidated findings show that malicious or criminal attacks cause 37% of data breaches and are the most costly data breach incidents.

Symantec recommends the following best practices to prevent a data breach and reduce costs in the event of one:

• Educate employees and train them on how to handle confidential information.

• Use data loss prevention technology to find sensitive data and protect it from leaving your organisation.

• Deploy encryption and strong authentication solutions.

• Prepare an incident response plan including proper steps for customer notification.

