Internal issues still cause more data loss than outside attacks, says report
The Ponemon Institute, sponsored by security software company Symantec, released on Tuesday its seventh annual Cost of Data Breach Report, which analyzes and quantifies the financial impact of data breach incidents around the world.
This year, the Institute looked at security data from 49 companies in the United States, United Kingdom, Germany, France, Australia, India and Italy, and conducted interviews with over 400 individuals from these companies over nine months in 2011.
The first big item in the study this year is that it registered the first decline in the overall cost of lost or compromised records. In 2011, data breaches cost companies an average of $194 per compromised record ($135 of this comes from indirect costs). Last year’s average per capita cost was $214, with an average indirect cost of $141. Factors that contributed to this overall drop in cost were a decrease in customer churn and the simple fact that there were fewer lost or stolen records.
The Institute said that fewer customers in 2011 abandoned companies that suffered from a data breach. However, this varies from industry to industry, and the communications industry remains the area where data breaches are the most costly (at an average of $334 per capita, well above the average).
The second big point is that the biggest threats for institutional data loss are still internal. Thirty-nine percent of organizations in the study said negligence was the root cause of the data breaches. Malicious attacks were the second most common cause of data loss at a close 37 percent, but of the various attack vectors, malicious employee theft was the second most common with 33 percent. Adding that insider share of malicious attacks (33 percent of 37 percent, or about 12.2 percent) to the 39 percent attributed to negligence means over half of the threats (51.2%) come from inside the organization.
"Insiders continue to pose a serious threat to the security of their organizations," said Francis deSouza, group president, Enterprise Products and Services, Symantec Corp. "This is particularly true as the increasing adoption of tablets, smart phones and cloud applications in the workplace means that employees are able to access corporate information anywhere, at any time. It is essential for companies to put the proper information protection policies and procedures in place to counterbalance these new realities."