Staff cock-ups fuel most data losses

Employee error and system issues caused two-thirds of data breaches last year, with the cost of outages rising to over £100 for each record compromised, hitting some firms with recovery bills running into tens of thousands of pounds.
According to the latest Cost of Data Breach Study by Symantec and the Ponemon Institute, the mishandling of confidential personal information by employees, lack of system controls and violations of industry and government regulations are the main issues.
The study is based on 277 companies in the UK and eight other countries, and the individual country data shows UK companies are nearly as likely to be targeted by a criminal as they are to be hit by a data breach caused by human error.
Ponemon Institute chairman Larry Ponemon said: “Eight years of research on data breach costs has shown employee behaviour to be one of the most pressing issues, up 22% since the first survey.”
In this year’s study, the average cost of a UK data breach increased from £79 to £86 per record. However, breaches caused by a malicious or criminal attack are the most costly, at £102 per record, compared with £78 on average for incidents involving employee error.
While the cost of a breach continues to rise, companies which have recruited a chief information security officer with business-wide responsibilities have lowered their outlay – in some cases significantly.
In the UK, the average cost of a data breach for organisations with a formal incident response plan in place was reduced to as much as £13 per compromised record.
A similar strategy in the US has proved successful, especially when combined with a comprehensive incident response plan and stronger overall security programmes.
Symantec product and solutions manager Mike Smart said that – with more than a third of UK data breaches involving negligent employees or contractors – the human factor is still the weakest link. “Consequently, training and awareness should be a priority from the offset,” he added.
But he warned malicious attacks have become nearly as big a problem, and they are more costly when they do occur. In addition to training staff on how to handle confidential information, the report shows it is equally important to have a comprehensive incident response plan in place.
