Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
New IT security report finds that most severe security breaches at US firms are inadvertent and caused by human error or technical malfunctions - and intentional breaches come mainly from the outside
2 Min Read
Silly mistakes can cost you: Three out of four severe data breaches in an organization are the result of human error or technical failures, according to a new survey by the Computing Technology Industry Association (CompTIA) of IT security trends in 2007.
The main causes of these accidental breaches are a combination of human error and technical malfunctions (31 percent), according to the survey. About 29 percent of them come from human error alone and 14 percent from technical malfunction alone. And 10 percent are intentional internal breaches, and 16 percent from the outside.
Human errors are mostly caused by a failure to follow security procedures (45 percent) and a lack of security know-how (25 percent). Not following security procedures accounted for 56 percent of breaches in last year’s CompTIA study, however, and a lack of security knowledge caused only 17 percent of breaches in U.S. firms in '06.
The good news is that organizations experience less than one breach each year on average, and about two thirds of the respondents in the U.S. said they didn’t suffer any breaches in the past year at all (that number has been about the same since CompTIA’s '05 results).
And while the median cost of a security breach stayed steady about $5,000, the average cost of a breach dropped last year to $230,000 from $370,000 in 2006. CompTIA attributes this to fewer respondents reporting breach costs of $10 million or more in '07.
In the U.S., viruses, email-borne attacks, and spyware make up over half of all attacks, as was the case in '06.
In 2007, 12 percent of the IT budget went to security, up from 7 percent in '06, and the CompTIA report concluded that security spending overall will increase. Over 40 percent of security spending today goes to technology; 17 percent to security-related processes; 15 percent to training; 13 percent to assessments; and 10 percent to certifications.
U.S. companies spent an average of $200,000 due to security breaches, and one third of that was due to loss of productivity of employees.
Security training saved U.S. firms up to $2.2 million overall, according to CompTIA’s survey results.
— Kelly Jackson Higgins, Senior Editor, Dark Reading
About the Author(s)
You May Also Like
More Insights
Webinars
The fuel in the new AI race: Data
April 23, 2024Securing Code in the Age of AI
April 24, 2024Beyond Spam Filters and Firewalls: Preventing Business Email Compromises in the Modern Enterprise
April 30, 2024Key Findings from the State of AppSec Report 2024
May 7, 2024Is AI Identifying Threats to Your Network?
May 14, 2024
Events
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024
