Wednesday, June 05, 2013
Cost per data breach growing, study finds
By now, virtually every business is well-aware of the threats posed by data breaches. These events have received a tremendous amount of news coverage, and for good reason. When a breach occurs, a firm will inevitably experience significant, negative consequences. Any lost information may undermine the company's competitive advantage in its given industry, and exposed client data can hurt a firm's reputation, as well as lead to regulatory action.
A recent study further emphasized the impact of data breaches on companies, finding that the cost per incident for U.K. firms has never been higher.
Symantec's 2013 Cost of Data Breach Study, conducted by the Ponemon Institute, found that among U.K. organizations, the average cost of a data breach reached approximately $3.1 million per incident in 2012, and the cost per exposed or stolen record was $131, Techworld reported. In 2011, the cost of the average data breach was $2.7 million, and each record bore a price tag of approximately $121.
These figures were determined through the analysis of 38 reported incidents affecting U.K. firms in 2012. These data breaches ranged in scope from 3,500 records exposed to more than 70,000, the news source noted. The cost estimates included such factors as the expense of detecting breaches, notifying and providing support for customers, subsequent turnover and customer churn. Of the $131 cost associated with each compromised record, $67 was attributed to indirect losses.
According to the news source, the study found that data breaches affected some industries more severely than others. Most notably, businesses in the financial services sectors saw the highest cost per record at $182, whereas media and industry firms experienced costs of $81 per record on average.
A variety of causes
Significantly, the study found that there were a wide range of causes behind the data breaches studied. Negligence was the most common cause, responsible for approximately 37 percent of incidents, according to the news source. This was followed by criminal activity at 34 percent and technical errors at 29 percent.
This relatively even distribution suggests that businesses must be vigilant in various capacities to ensure that their data remains safe.
"With more than a third of U.K. data breaches involving negligent employees or contractors the human factor is still the weakest link, and so training and awareness should be a priority from the offset," said Mike Smart, Symantec's product and solutions manager, according to the news source. "But here in the U.K. it seems that malicious attacks are becoming nearly as big a problem. Not only have more data breaches been down to malicious attacks, but when it does happen, it's far more costly."
The need for action
Considering the costs associated with data breaches and the variety of causes, it is imperative that firms take steps to ensure that their information remains protected at all times.
Critically, organizations should invest in tools that can guarantee the integrity of information as it is being sent and received by individuals within the company. Only a high-grade solution can protect information from the threat of cyberattackers who are increasingly targeting firms to acquire their invaluable data.
For example, businesses should consider enterprise managed file transfer (MFT) tools. These solutions are trusted by some of the largest organizations in the world to ensure the integrity of their information as it is distributed to various personnel. Even the U.S. Army relies on MFT when sending sensitive data around the world. When such tools are used, cyberattackers simply have no means of gaining access to data in motion. This is critical, as moving data is often seen as more vulnerable than stored, static information.
To be truly effective, though, firms must select MFT solutions that are not only robust and secure, but also easy to use. If this is not the case, employees may be less vigilant in their use of these resources, instead relying on more convenient but less secure options. By choosing a solution that was specifically designed with the user experience in mind, though, organizations can improve employee adoption, thereby greatly increasing the overall integrity of corporate data.