While the cost of data breaches in the United States is declining, the nation still has the highest total cost per breach and spent $5.4 million on data breaches in 2012, according to a study conducted by Symantec Corp. and the Ponemon Institute.
The 2013 Cost of Data Breach Study: Global Analysis, released June 5, reveals human errors and system problems caused two-thirds of data breaches in 2012. These data breaches were caused by issues such as employee mishandling of confidential data, lack of system controls, and violations of industry and government regulations.
Although the U.S. spent more than $5 million on data breaches this past year, the cost per record declined from $194 to $188.
The study found malicious or criminal attacks cause 37 percent of data breaches. These types of breaches are also the most costly to the organization. Data breaches caused by malicious or criminal attackers are the most expensive in the U.S., costing $277 per compromised record.
“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, chairman of the Ponemon Institute. “Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22 percent since the first survey.”
The cost of a data breach is determined by the direct and indirect expenses incurred by the organization in detecting and investigating the breach, as well as customer-related issues such as compensation and diminished acquisition rates.
Companies that incurred the lowest costs were those with an incident management plan. Fifty-two percent of the organizations surveyed had a benchmark incident management plan at the time of the data breach.
Other factors that affect cost are security postures at the time of the breach, timeliness of alerting affected customers, and the nature of the data breached.
“Given organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear,” said Anil Chakravarthy, executive vice president of the Information Security Group at Symantec. “Companies must protect their customers’ sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center.”
Fourteen different sectors were represented in the study, with most organizations in the financial, industrial, communications and hospitality industries.
Companies can analyze their own risk by visiting Symantec’s Data Breach Risk Calculator, which considers the organization’s size, industry, location and security practices to produce both a per-record and an organizational estimate.