A number of reports in recent months have highlighted the threat posed by companies' employees when it comes to
data breaches, and now a new study shows just how prevalent that concern is.
In all, 39 percent of data breaches suffered by various organizations last year were caused by employees' negligence, according to the 2011 Cost of
Data Breach Study from the
Ponemon Institute and Symantec Corp. Often, this negligence can come in the form of anything from misplacing a portable USB drive to having a computer stolen or even simply emailing the wrong files to unauthorized recipients accidentally.
"This year's report shows that insiders continue to pose a serious threat to the security of their organizations," said Francis deSouza, group president for enterprise products and services at Symantec. "This is particularly true as the increasing adoption of tablets, smartphones and cloud applications in the workplace means that employees are able to access corporate information anywhere, at any time. It is essential for companies to put the proper information protection policies and procedures in place to counterbalance these new realities."
However, not far behind on that list was malicious or criminal attacks, which accounted for more than a third of the breaches these organizations experienced, the report said. Malicious attacks have also been the most costly data breaches for organizations to experience since the 2007 version of the study. On average, they cost the companies which suffer these breaches 25 percent more than those hit with other types of incidents.
Fortunately for organizations suffering data breaches, the costs associated with them is coming down somewhat, the report said. Detection and escalation costs slipped to an average of $433,000 in 2011 from $460,000 the year before, but at the same time, the cost of notifying those who were victimized by the breaches also rose between 2010 and 2011. In all, the average breach cost an organization $5.5 million last year, as opposed to $7.2 million the year before, based on a cost-per-record decline of $20, to $194 from $214.
Ondrej Krehel, the chief information security officer for
Identity Theft 911, has a blog that outlines the problems faced by organizations and consumers alike in the wake of a data breach.
© 2003-2012 IDentity Theft 911, LLC. All Rights Reserved