Negligent insiders are the top cause of data breaches but malicious attacks are 25 percent more costly, according to the findings of the " 2011 Cost of Data Breach Study: United States," published by Symantec and the Ponemon Institute.
The study also found organizations which employ a chief information security officer (CISO) with enterprise-wide responsibility for data protection can reduce the cost of a data breach by 35 percent per compromised record. The organizational cost of a data breach was $5.5 million in 2011. The seventh annual Ponemon "Cost of a Data Breach" report is based on the actual data breach experiences of 49 U.S. companies from 14 different industry sectors.
“This year’s report shows that insiders continue to pose a serious threat to the security of their organizations,” said Francis deSouza, group president of enterprise products and services at Symantec. “This is particularly true as the increasing adoption of tablets, smartphones and cloud applications in the workplace means that employees are able to access corporate information anywhere, at any time. It is essential for companies to put the proper information protection policies and procedures in place to counterbalance these new realities.”
Aside from having a CISO with overall responsibility for enterprise data protection, outside consultants assisting with the breach response also can save as much as $41 per record, according to the report. Specific attributes or factors of the data breach also can increase the overall cost. For example, in this year’s study organizations that had their first ever data breach spent on average $37 more per record. Those that responded and notified customers too quickly without a thorough assessment of the data breach paid an average of $33 more per record. Data breaches caused by third parties or a lost or stolen device increased the cost by $26 and $22, respectively.
Meanwhile, detection and escalation costs declined but notification costs increased. For the first time, fewer customers are abandoning companies that have a data breach. However, certain industries are more susceptible to customer loss, which causes their data breach costs to be higher than the average. Taking steps to keep customers loyal and repair any damage to reputation and brand can help reduce the cost of a data breach.
Symantec recommended that organizations protect their information by proactively encrypting laptops, integrating information protection practices into business processes and deploying data loss prevention technologies.