Negligent Employees Are Leading Cause of Data Breaches

It’s that time of year again. Ponemon recently published its latest survey of data breach costs. The report, sponsored by Symantec, provides a lot of valuable information and insight into the underlying causes of data breaches, and the impact on organizations that don’t take the appropriate precautions to prevent them.

For the first time in the seven years Ponemon has been tracking this data, the average cost of a data breach has declined. The total impact went down from $7.2 million to only $5.5 million, and the average cost per compromised record dropped from $214 to $194. The decline in financial impact of a data breach can be largely attributed to customer apathy. Data breaches are so common that users are jaded and less likely to pack up and take their business elsewhere. It’s good news for the affected companies, but for the wrong reason.

Here are some other key findings from the report highlighted in a Symantec press release:

  • Negligent insiders and malicious attacks are the main causes of data breaches. Thirty-nine percent of organizations say negligence was the root cause of their data breaches. For the first time, malicious or criminal attacks account for more than a third of the total breaches reported in this study. Since 2007, they also have been the most costly breaches. Accordingly, organizations need to focus on processes, policies and technologies that address threats from the malicious insider or hacker.
  • Certain organizational factors reduce the overall cost. If the organization has a CISO with overall responsibility for enterprise data protection, the average cost of a data breach can be reduced by as much as $80 per compromised record. Outside consultants assisting with the breach response also can save as much as $41 per record. When considering the average number of records lost or stolen, all of these factors can provide significant and positive financial benefits.
  • Specific attributes or factors of the data breach also can increase the overall cost. For example, in this year’s study organizations that had their first ever data breach spent on average $37 more per record. Those that responded and notified customers too quickly without a thorough assessment of the data breach also paid an average of $33 more per record. Data breaches caused by third parties or a lost or stolen device increased the cost by $26 and $22, respectively.
  • Detection and escalation costs declined but notification costs increased. Detection and escalation costs declined from approximately $460,000 in 2010 to $433,000 in 2011. These costs cover the activities that enable a company to detect a breach and to determine whether it occurred in storage or in motion.
  • More customers remain loyal following the data breach. For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer churn, which causes their data breach costs to be higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce the cost of a data breach.