Negligence, Glitches Push Up Cost Of Breaches Worldwide

But U.S. breach costs on downward trajectory, reports eighth annual Ponemon study

The costs of data breaches inched up globally, but in the U.S. companies have managed to continue bringing breach costs down, according to the eighth annual Cost of Data Breach Study out this week. Conducted by Ponemon Institute on behalf of Symantec, the study found that mistakes and human errors accounted for the bulk of all breaches studied, but malicious or criminal attacks cost businesses more when they are at the root of breaches.

Examining breach experiences from 277 organizations in nine countries, the study found that the average global cost of data breaches reached $136 per compromised record, while in the U.S. the cost was $188 per compromised record.

"It's still not chump change, but it definitely seems to be trending down in the U.S. with two years of downward movement," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. The downward pressure could likely be attributable to more mature breach prevention and response practices. According to the study, the factors most likely to push breach costs down were instituting incident response plans, establishing a strong security posture, and appointing a CISO. Meanwhile, factors most likely to raise costs included third-party error, rushed breach notification, and lost or stolen devices.

Delving into the root causes of breaches studied in this report, Ponemon found that 64 percent of breaches were caused by negligence or system failures, while approximately 37 percent were the result of malicious insiders or criminal hackers. Ponemon notes that this should be a wake-up call to the industry.


"Everyone wants to hear about cyberattacks, and everyone wants to hear about cyberattacks and exfiltration of data by the Chinese or the proverbial bad guy, and those things are happening," he says, "but in our data, since the beginning of time the majority of cases are involving people problems or system failures. Both are the result of negligence in a way."

At the same time, though, malicious insider or criminal attacks cost $157 per breached record, far above the $122 per record for breaches caused by system glitches and $117 for those caused by human error. Ponemon and Symantec believe the study results generally point to a greater need to address both malicious and negligent insider threats within the enterprise.

"Our conversations with customers and our research does point to the insider threat continuing to be the bigger cause behind data loss and data breach events," says Linda Park, product marketing manager for Symantec. "While there is an uptick in the malicious attacks, companies really are still focused on insider threats overall and making sure that employees are trained, aware, and that they have the right enforcement in place to make sure people are doing the right things."

The analysis seems to contradict figures put together earlier in the year in the Verizon Data Breach Investigation Report (DBIR), which showed that insider threats made up a small percentage of the incidents Verizon responded to. According to Ponemon, the mismatch in conclusions could potentially be attributed to a number of factors, including different reporting standards and a focus on the number of incidents rather than the cost of breaches.

"They were referring to malicious insiders, not just negligent or incompetent people, and sometimes there's a fine line between something you call malicious versus nonmalicious," Ponemon says. "This is a little conjecture, but it seems like sometimes companies are more likely to label something malicious as nonmalicious because they really don't believe that to be true, and they chalk that up to making a mistake. So I think a lot of the insider cases are not disclosed properly."


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
