Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

Mistakes Approach Malice As Data Breach Cause

Malicious attacks are the leading cause of data breaches, but employee and contractor errors are a growing reason, study finds.

The Syrian Electronic Army: 9 Things We Know
(click image for larger view)
The Syrian Electronic Army: 9 Things We Know
U.S. businesses that experience a data breach spend about $188 per exposed record in cleanup costs.

That finding comes from the eighth annual Cost of Data Breach report released Wednesday by Ponemon Institute. The report, which was sponsored by Symantec, is based on surveys of 277 businesses across nine countries, and defines an exposed record as "information that identifies the natural person (individual) whose information has been compromised in a data breach."

The study found that each data breach cost U.S. businesses, on average, $5.4 million in 2012, down slightly from $5.5 million in 2011. But Germany, second after the U.S. with a total cleanup cost of $4.8 million, actually had the highest per-record cost of $199. Cleanup costs vary widely based on country due to various factors, such as regulations. The lowest per-record breach costs were reported by businesses in Brazil ($58) and India ($42), with total costs of $1.3 million and $1.1 million, respectively.

[ Yahoo is the latest major company to suffer data theft embarrassment. Read Yahoo Japan Data Breach: 22M Accounts Exposed. ]

Overall, the study found that 37% of breaches stem from malicious attacks, followed by human error or negligence on the part of an employee or contractor (35%), and system glitches (29%). Malicious attacks -- most often malware infections, malicious insiders, phishing attacks, social engineering attacks and SQL injection exploits -- imposed the highest cleanup costs, which include expenses related to detecting and responding to breaches and notifying affected consumers, as well as further cleanup.

While malicious attacks continue to make headlines, employee negligence is a growing concern. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22% since the first survey," said Larry Ponemon, chairman of the Ponemon Institute, in a statement.

In fact, causes other than malicious attacks were most often to blame in some countries. Although intentional attacks were the leading data breach culprit in Germany, human error was most often to blame in Brazil, while the leading reported cause of breaches at Indian businesses was traced to system glitches or business process failures.

The industries with the highest breach costs were healthcare ($233 per exposed record), financial services ($215), and pharmaceuticals ($207). Both the healthcare and financial services industries reported that the greatest cost associated with a data breach was lost business -- defined as lost customers, the cost of acquiring new customers and loss of brand reputation.

How can businesses keep data breach cleanup costs under control? According to the study, the top three proactive ways to minimize cleanup costs are to create and maintain a data breach response plan, which reduced per-record cleanup costs by an average of $42 per record for U.S. businesses, followed by having a strong security posture ($34) as well as a chief information security officer ($23).

Issuing data breach notifications to affected customers or consumers remains costly, accounting for 10% of total cleanup costs for U.S. businesses and 7% for German businesses. But the study found that notifying consumers too quickly -- meaning, less than 30 days after a breach -- added an average of $37 to a U.S. business's per-record cleanup costs. That's because by rushing to disclose breaches before wrapping related investigations and forensic analysis, businesses often over-estimate the extent of a breach.

Other factors that lead to costlier breaches include third parties being responsible for the breach, as well as the breach stemming from lost or stolen devices.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
timsed
50%
50%
timsed,
User Rank: Apprentice
6/5/2013 | 10:07:48 PM
re: Mistakes Approach Malice As Data Breach Cause
Thanks for the article Mathew - While I agree that malicious attacks can be costly, employee negligence or mistakes are the most painful. Privileged user access has expanded over the years and more cooks in the kitchen seemingly means more mistakes. As Product Manager for an operational security and change management toolset at Dell, I talk to people who needed to recover from that inadvertent drag and drop, or mistaken change of a value in infrastructure architecture like Microsoft Active Directory. As IT becomes more interconnected across tools, infrastructure and services, what was once a simple mistake can cost companies millions in lost revenue and productivity.

The approach I recommend to people is to put controls in place that not only track changes, but can prevent dangerous or damaging changes - even for privileged users. Unfortunately granularity of infrastructure and management interfaces isn't always what we would like - so you have to find a way to work around it. After all, the problem you prevent is the sweetest time and money you'll ever save!

Thanks again for pointing out the Ponemon Report!

#TimSedlack1

Tim Sedlack
Dell Software, GRC
Data Privacy Protections for the Most Vulnerable -- Children
Dimitri Sirota, Founder & CEO of BigID,  10/17/2019
Sodinokibi Ransomware: Where Attackers' Money Goes
Kelly Sheridan, Staff Editor, Dark Reading,  10/15/2019
7 SMB Security Tips That Will Keep Your Company Safe
Steve Zurier, Contributing Writer,  10/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: The old using of sock puppets for Shoulder Surfing technique. 
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-8071
PUBLISHED: 2019-10-17
Adobe Download Manager versions 2.0.0.363 have an insecure file permissions vulnerability. Successful exploitation could lead to privilege escalation.
CVE-2019-10752
PUBLISHED: 2019-10-17
Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json() helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite.
CVE-2019-12611
PUBLISHED: 2019-10-17
An issue was discovered in Bitdefender BOX firmware versions before 2.1.37.37-34 that affects the general reliability of the product. Specially crafted packets sent to the miniupnpd implementation in result in the device allocating memory without freeing it later. This behavior can cause the miniupn...
CVE-2019-13657
PUBLISHED: 2019-10-17
CA Performance Management 3.5.x, 3.6.x before 3.6.9, and 3.7.x before 3.7.4 have a default credential vulnerability that can allow a remote attacker to execute arbitrary commands and compromise system security.
CVE-2019-15626
PUBLISHED: 2019-10-17
The Deep Security Manager application (Versions 10.0, 11.0 and 12.0), when configured in a certain way, may transmit initial LDAP communication in clear text. This may result in confidentiality impact but does not impact integrity or availability.