Negligence, Glitches Push Up Cost Of Breaches Worldwide

But U.S. breach costs on downward trajectory, reports eighth annual Ponemon study

The costs of data breaches inched up globally, but companies in the U.S. have managed to continue bringing breach costs down, according to the eighth annual Cost of Data Breach Study, out this week. Conducted by Ponemon Institute on behalf of Symantec, the study found that mistakes and human errors accounted for the bulk of all breaches studied, but that malicious or criminal attacks cost businesses more when they are at the root of a breach.

Examining breach experiences from 277 organizations in nine countries, the study found that the average global cost of data breaches reached $136 per compromised record, while in the U.S. the cost was $188 per compromised record.

"It's still not chump change, but it definitely seems to be trending down in the U.S. with two years of downward movement," says Dr. Larry Ponemon, chairman and founder of the Ponemon Institute. The downward pressure is likely attributable to more mature breach prevention and response practices. According to the study, the factors most likely to push breach costs down were instituting an incident response plan, establishing a strong security posture, and appointing a CISO. Meanwhile, the factors most likely to raise costs were third-party error, rushed breach notification, and lost or stolen devices.

Delving into the root causes of breaches studied in this report, Ponemon found that 64 percent of breaches were caused by negligence or system failures, while approximately 37 percent were the result of malicious insiders or criminal hackers. Ponemon notes that this should be a wake-up call to the industry.


"Everyone wants to hear about cyberattacks, and everyone wants to hear about cyberattacks and exfiltration of data by the Chinese or the proverbial bad guy, and those things are happening," he says, "but in our data, since the beginning of time the majority of cases are involving people problems or system failures. Both are the result of negligence in a way."

At the same time, though, malicious insider or criminal attacks cost $157 per breached record, far above the $122 per record for breaches caused by system glitches and $117 for those caused by human error. Ponemon and Symantec believe the study results generally point to a greater need to address both malicious and negligent insider threats within the enterprise.

"Our conversations with customers and our research do point to the insider threat continuing to be the bigger cause behind data loss and data breach events," says Linda Park, product marketing manager for Symantec. "While there is an uptick in the malicious attacks, companies really are still focused on insider threats overall and making sure that employees are trained, aware, and that they have the right enforcement in place to make sure people are doing the right things."

The analysis seems to contradict figures put together earlier in the year in the Verizon Data Breach Investigations Report (DBIR), which showed insider threats made up a small percentage of the incidents Verizon responded to. According to Ponemon, the mismatch in conclusions could be attributed to a number of factors, including different reporting standards and the DBIR's focus on the number of incidents rather than the cost of breaches.

"They were referring to malicious insiders, not just negligent or incompetent people, and sometimes there's a fine line between something you call malicious versus nonmalicious," Ponemon says. "This is a little conjecture, but it seems like sometimes companies are more likely to label something malicious as nonmalicious because they really don't believe that to be true, and they chalk that up to making a mistake. So I think a lot of the insider cases are not disclosed properly."


Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.
