itb-nz logo
Story image

Humans cause data breaches. Fact.

07 Jun 2013

Human errors and system problems caused two-thirds of data breaches during 2012, with employee behaviour one of the most alarming issues facing companies today.

A recent study by Symantec and the Ponemon Institute claims issues included employee mishandling of confidential data, lack of system controls and violations of industry and government regulations.

Heavily regulated fields – including healthcare, finance and pharmaceutical – incurred breach costs 70% higher than other industries according to the report.

“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” says Larry Ponemon, chairman, Ponemon Institute.

“Eight years of research on data breach costs has shown employee behaviour to be one of the most pressing issues facing organisations today, up 22% since the first survey.

The findings claim the errors pushed the global average to $136 per record, with the study considering customer or consumer data (including payment transactional information), employee records, citizen, patient and student information as a data record.

The cost per record is the average cost per compromised data record of direct and indirect expenses incurred by the organisation.

“Given organisations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear,” says Anil Chakravarthy, executive vice president of the Information Security Group, Symantec.

“Companies must protect their customers’ sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data centre.”

Additional findings include:

• Average cost per data breach varies widely worldwide. Many of these differences are due to the types of threats that organisations face, as well as the data protection laws in the respective countries.

• Mistakes made by people and systems are the main causes of data breach.

Together human errors and system problems account for 64% of data breaches in the global study, while prior research shows that 62% of employees think it is acceptable to transfer corporate data outside the company and the majority never delete the data, leaving it vulnerable to data leaks.

Symantec says this illustrates the large extent to which insiders contribute to data breaches and how costly that loss can be to organisations.

• Malicious and criminal attacks are the most costly everywhere. Consolidated findings show that malicious or criminal attacks cause 37% of data breaches and are the most costly data breach incidents.

Symantec recommends the following best practices to prevent a data breach and reduce costs in the event of one:

• Educate employees and train them on how to handle confidential information.

• Use data loss prevention technology to find sensitive data and protect it from leaving your organisation.

• Deploy encryption and strong authentication solutions.

• Prepare an incident response plan including proper steps for customer notification.

Is human error the biggest explanation for data loss? Tell us your thoughts below