System failure blamed for increasing data breach costs
Negligence drops to number 2...
Regcast training : Hyper-V 3.0, VM high availability and disaster recovery
System failure has replaced negligence as the single biggest source of data breaches involving UK firms, the cost of which rose for the third successive year.
The average data breach cost UK organisations £1.9 million or £71 per record, an increase of 13 per cent from the year before, according to a Symantec-sponsored survey. Cost of breaches ranged from £36,000 to £6.2 million.
The 2010 edition of the survey blamed "malicious or criminal attacks" for 29 per cent of all data breaches, up from 22 per cent during 2009. The costs arising from data breaches include cleanup costs as well as increased customer churn due to diminished trust.
More than a third (37 per cent) of the cases scrutinised during the study involved system failure, up 7 percentage points on 2009. Negligence, by contrast, dropped 11 points to reach a 34 per cent blame for data breach rating last year. Lost or stolen devices and third-party mistakes each fell slightly, while malicious or criminal attacks rose five points to become the principle reason given for 29 per cent of data breach incidents.
The survey, published today, and carried out by the Ponemon Institute under the sponsorship of Symantec, was based on an analysis of actual data breach experiences of 38 UK companies from 13 different industry sectors, including banks and telecoms.
Seven in 10 firms hit by data breach problems applied encryption technologies as a post-breach remedy, while moves to strengthen perimeter controls were applied by a similar number (69 per cent) of victims.
Last year the Information Commissioner's Office (ICO) received new enforcement powers, including the ability to levy heavy fines on organisations that experience data breaches as a result of negligence, providing even more reason to prevent breaches in the first place.
"Regulators are cracking down to ensure organisations implement required data security controls or face harsher penalties," said Dr Larry Ponemon, chairman and founder of the Ponemon Institute. "Confronted with both malicious and non-malicious threats from inside and outside the organisation, companies must proactively implement policies and technologies to mitigate the risk of costly breaches." ®
COMMENTS
No wonder negligence reports are down
> levy heavy fines on organisations that experience data breaches as a result of negligence,
Presumably all that has happened is a reclassification of the root cause from the blameful negligence to the woolly and non-specific "system failure".
Data breaches have a real cost to organisations
The latest data from the Ponemon Institute serves as a stark reminder of the costs of lax data security to UK businesses.
Failure to clamp down on data security has real and painful consequences for any organisation, putting jobs at risk, generating lasting bad press and eroding what are already fragile revenues in the current economic climate.
Worryingly, the significant figure of £1.9 million average cost per incident, or £71 per compromised record, does not account for the ability of the Information Commissioner’s Office to fine companies in the UK up to £500,000 for each instance of a data protection failing is taken into account.
The growth in the cost of a data breach represents the knock-on effect of increased mobile device use in the workplace, including removable storage, as well as an increasingly lax attitude to protecting not only removable storage devices but data in all its forms. Some 64 per cent of those surveyed by Ponemon acknowledged the risk post by mobile devices to data security, while 84 per cent said that insecure mobile devices were likely to have accessed corporate data in some form.
Fortunately, the Ponemon Institute report shows investment is increasing as companies look to correct such oversights before they become systemic. The value of such an investment is certainly attractive in comparison to the costs of a data breach.
Tom Colvin, Chief Technology Officer, Conseal Security
Orgs need to better understand source or risks
Once again, UK data breach costs are rising, to an average of £71 per record. Data breaches can create catastrophic bad press and can have a painful impact on the bottom line. Coupled with the new powers of the Information Commissioner’s Office to fine companies in the UK upwards of £500,000 for each instance of a data protection failing, the final overall cost of a breach or loss could very quickly dwarf the £1.9 million revealed by this. The fact that policy failures accounted for the biggest proportion, 37%, indicates that while companies are heavily investing in intrusion prevention, they are not properly managing access by their own employees to critical data such as customer information or patient records. Organisations need to better understand where their greatest sources of risk reside as well as who is accessing sensitive data, how and why. It is the organisation’s responsibility to stringently manage policy and track activity to make sure that access to the most sensitive data is only granted to those for whom it is necessary to do their jobs.
Marc Lee, EMEA Sales Director, Courion
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Top 10 SIEM implementer’s checklist
Steps to Take Before Choosing a Business Continuity Partner
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
