Security Pros Are Your Best Defence, Says Study

Negligence causes most breaches, but the malicious ones cost most money, according to a study

While the cost of data breaches fluctuates from year to year, one thing has remained the same – employee negligence is the leading cause of data breaches. In the US, negligence accounted for 40 percent of the breaches analyzed by the institute. Just under a quarter of the breaches (24 percent) were caused by malicious or criminal attacks.

Negligence causes more breaches

“This is a frustrating statistic because it seems that addressing employee negligence would be the easiest, least costly way to make the most significant gains in data protection,” Ponemon said. “Give yourself more time to check in at the airport; don’t leave your PDA in the taxi; don’t plug into an unsecured home network; don’t disable your laptop’s encryption… education and awareness can create a more vigilant, security-conscious culture, yet we see employee negligence remains atop the charts.”

However, breaches due to negligence tended to be less costly than others, the research found. Malicious attacks did the most damage to corporate pocketbooks, and cost much more in countries without data breach notification laws. For example, malicious attacks in France and Australia cost 121 percent and 61 percent more respectively per compromised record than average. In the US, by contrast, the cost per record went up only seven percent.

The report recommended that businesses take a number of steps to reduce the likelihood of data breaches or minimise their impact, including ensuring portable data-bearing devices are encrypted, vetting and evaluating the security posture of third parties they share data with, and drafting communications that clearly define the root causes of a breach to minimise customer turnover.

“It doesn’t matter where they’re located, if a company gains a reputation for being careless with confidential data, the brand will suffer,” said Phillip Dunkelberger, CEO of PGP, in a statement. “Data is currency, it needs to be protected. Data breach notification laws mean consumers are informed; more countries around the world are looking to tighten their data protection legislation as they realize lost data means an increase in customer turnover.”