Most Data Breaches Caused by Human Error, System Glitches

When it comes to data breaches, hackers and organized crime garner most of the headlines, but most data breaches are caused by human errors and system glitches: application failures, inadvertent data dumps, logic errors in data transfer and more. As a result, educating your employees and making sure they're not cutting corners is a big component in preventing data breaches.

In fact, according to a new study by Symantec and the Ponemon Institute, 64 percent of data breaches in 2012 were the result of human mistakes and system problems.

"While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious," says Larry Ponemon, chairman and founder of security research think tank the Ponemon Institute. "Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22 percent since the first survey."

Education Is Key to Reducing Data Breaches

"The key to reducing data breaches for the vast majority of reasons is really to educate employees," says Robert Hamilton, director of product marketing at Symantec. "You can do it in two ways: through general awareness security training and by deploying technology like data loss prevention technology. We actually classify that as employee education, but you're doing it in real time. It's not blocking data from moving somewhere, it's actually educating the employees."

Implementing a strong security posture and incident response plan, as well as appointing a chief information security officer (CISO), also reduces the costs of data breaches by about 20 percent.

"Given organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear," says Anil Chakravarthy, executive vice president of the Information Security Group at Symantec. "Companies must protect their customers' sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center."

The Cost of Data Breaches on the Rise

The cost of those data breaches is on the rise. The Symantec-Ponemon study found that the global average cost of a data breach rose from $130 per compromised record in 2011 to $136 per compromised record in 2012.

The Ponemon Institute has conducted this benchmark study for eight years using the activity-based costing model developed by Harvard University Professor Robert S. Kaplan. Ponemon says the model starts with the detection or study of a data breach incident and takes into account forensic and investigative activities, incident response, notification, legal, consulting, outbound communication and call center activities, activities to maintain customer confidence and trust, direct churn, secondary churn and increased customer acquisition costs.

The study investigated 277 organizations with actual data breach experiences in nine countries and across 16 industry sectors. It included 1,400 interviews with individuals responsible for IT, compliance and information security with knowledge of data breach costs.

"This study is not a survey," Ponemon explains. "It's field-based research. We captured both direct and indirect costs. However, the indirect costs do not include opportunity costs; they're costs that can be measured. We tried to take a relatively conservative position."

"The scale of this is just enormous," he adds. "It took us about nine and a half months of field work to capture the data."

Ponemon noted the study did not include any catastrophic data breaches, as they skew the results. Instead it focused on data breaches that ranged from 1,000 to 100,000 records.

Cost of Data Breaches Highest in Germany, Followed by U.S.

Data breaches in the U.S. and Germany are the most costly: The average cost per compromised record in the U.S. was $188 in 2012 (down from $194 in 2011), while the average cost per record in Germany rose to $199 (up from $191 in 2011). The U.S. and Germany also had the highest total cost per data breach, at $5.4 million and $4.8 million, respectively.

Companies in Brazil were the most likely to suffer a data breach due to human error, while companies in India were most likely to have a data breach caused by a system glitch or business process failure. Brazil and India also had the lowest cost per compromised record, at $58 and $42, respectively. Ponemon notes that companies in countries with more established consumer protection laws and regulations to strengthen data privacy and cyber security tend to pay a higher cost for compromised records. For instance, breaches in heavily regulated industries, including healthcare, finance and pharmaceuticals, incurred breach costs 70 percent higher than breaches in other industries.

Malicious Attacks Still the Most Costly Data Breaches

While malicious attacks account for only 37 percent of data breaches, they are by far the most expensive data breach incidents, with a global average cost of $157 per compromised record. Each data breach caused by a malicious or criminal attacker cost U.S. companies an average of $277 per compromised record and German companies $214 per compromised record. Brazilian and Indian companies, on the other hand, had the least costly malicious data breaches, with an average cost per compromised record of $71 and $46, respectively.

"Malicious attacks are more costly, by a significant factor, in the U.S.," Hamilton says. "Typically, when you discover that you've been attacked, you throw a lot more resources at a problem. The surprise factor and the panic factor can account for the higher cost for a malicious attack."

Factors That Affect the Cost of Data Breaches

That, Hamilton says, is why companies with a CISO and incident response plan in place tend to experience lower costs from data breach incidents: companies that are prepared don't waste as much time and resources responding to an incident. In fact, the study found that three factors increase the cost per record of data breaches:

Third-party error (+$19)

Lost or stolen devices (+$8)

Rapid notification (+$7)

On the other hand, the study found that four factors decrease the cost per record of data breaches:

A strong security posture (-$15)

An incident response plan (-$13)

Appointment of a CISO (-$8)

Engagement of data breach remediation consultants (-$5)

Symantec outlined four best practices that companies can adopt to avoid the major causes of data breaches:

Educate employees and train them on how to handle confidential information.

Use data loss prevention technology to find sensitive data and protect it from leaving your organization.

Deploy encryption and strong authentication solutions.

Prepare an incident response plan including proper steps for customer notification.

Thor Olavsrud covers IT Security, Big Data, Open Source, Microsoft Tools and Servers. Follow Thor on Twitter @ThorOlavsrud.
