The Enemy Within
With all the headlines about criminals, hacktivists (like Anonymous) and nation states stealing information from high-profile companies, which group is responsible for the most data breaches? To answer that question, and many others, Symantec and the Ponemon Institute teamed up to conduct the 3rd annual Global Cost of Data Breach Study [PDF], which looks at the trends and financial impact of data breaches on businesses around the world.
We released the results earlier this year and the answers surprised people. In spite of all the headlines, insiders—employees, contractors and other people who have legitimately been given access to corporate information—were actually the leading cause of data breaches, accounting for more than 36 percent of incidents globally. Malicious attacks were responsible for 34 percent of data breaches globally, trailed by system glitches at 29 percent.
Japan had the highest number of incidents caused by negligent insiders, followed closely by the US and Italy. In Germany, France and Australia, more data breaches were caused by malicious attacks than negligent insiders. India differed dramatically from other countries included in the study with 45 percent of data breaches caused by system glitches.
Our survey findings signal that companies are finally starting to take the protection of sensitive and confidential information more seriously in order to avoid costly fines and loss of reputation and brand, but the cost to notify victims keeps getting higher. Companies in the US spend $5.5 million per data breach, nearly double that of Germany and the UK, and 18 times more than India. This is largely because of variation in the laws governing the notifications that companies must make once they are aware a breach has occurred.
However, companies typically take precautionary measures AFTER they’ve suffered a breach. Some of these measures are changes in employee behavior, such as adopting training programs and implementing manual controls. Others are technology-based, such as increasing the use of encryption and deploying data loss prevention solutions. But constant vigilance is the only way to protect against a breach. A combination of training, intelligent information policies and effective technology will greatly improve an organization’s ability to protect its information and maintain a strong security posture.
Now, here’s my question to you: What are you doing to reduce your risk of a breach? Share your best practices below.
And, to learn more about this year’s Global Cost of a Data Breach and to access individual country reports, visit here. You can also estimate your organization’s risk exposure at Symantec’s www.databreachcalculator.com.