
CompTIA: Only One in Four Severe Data Breaches Are Intentional

New IT security report finds that most severe security breaches at US firms are inadvertent and caused by human error or technical malfunctions - and intentional breaches come mainly from the outside

Silly mistakes can cost you: Three out of four severe data breaches in an organization are the result of human error or technical failures, according to a new survey by the Computing Technology Industry Association (CompTIA) of IT security trends in 2007.

The main causes of these accidental breaches are a combination of human error and technical malfunctions (31 percent), according to the survey. About 29 percent of them come from human error alone and 14 percent from technical malfunction alone. Another 10 percent are intentional internal breaches, and 16 percent come from the outside.

Human errors are mostly caused by a failure to follow security procedures (45 percent) and a lack of security know-how (25 percent). Not following security procedures accounted for 56 percent of breaches in last year’s CompTIA study, however, and a lack of security knowledge caused only 17 percent of breaches in U.S. firms in '06.

The good news is that organizations experience fewer than one breach each year on average, and about two-thirds of the respondents in the U.S. said they didn’t suffer any breaches in the past year at all (that number has been about the same since CompTIA’s '05 results).

And while the median cost of a security breach stayed steady at about $5,000, the average cost of a breach dropped last year to $230,000 from $370,000 in 2006. CompTIA attributes this to fewer respondents reporting breach costs of $10 million or more in '07.

In the U.S., viruses, email-borne attacks, and spyware make up over half of all attacks, as was the case in '06.

In 2007, 12 percent of the IT budget went to security, up from 7 percent in '06, and the CompTIA report concluded that security spending overall will increase. Over 40 percent of security spending today goes to technology; 17 percent to security-related processes; 15 percent to training; 13 percent to assessments; and 10 percent to certifications.

U.S. companies spent an average of $200,000 due to security breaches, and one third of that was due to loss of productivity of employees.

Security training saved U.S. firms up to $2.2 million overall, according to CompTIA’s survey results.

— Kelly Jackson Higgins, Senior Editor, Dark Reading
