Financial firm data breaches are costly: survey

June 10, 2013 | Last updated on June 10, 2013

Australian and U.S. companies suffered the largest data breaches in 2012, reveals the 8th annual Cost of Data Breach: Global Analysis survey by Symantec and Ponemon Institute.

On average, the survey found Italian and Japanese companies had the smallest number of breached records throughout last year.

Across the globe, the survey says human errors and system malfunctions caused more than half (66%) of data breaches in 2012. Along with employees mishandling confidential data, companies also dealt with lack of system controls and violations of industry and government regulations.

In particular, data losses in heavily regulated fields such as healthcare and finance are 70% more expensive than those in other industries. That’s because the information is so sensitive and many steps need to be taken to protect it.

The survey adds the costs of data breaches can be calculated by looking at the average, overall price of investigating the incidents. Companies have to organize emergency teams and hire experts to determine the root cause of their breaches, as well as pay for IT activities associated with the recreation of contact databases and determination of all regulatory requirements.

They also have to factor in the price of notifying and assisting affected clients via press releases and call centers. Most importantly, firms often lose money due to the turnover of existing customers and the loss of interest in the organization afterwards—the survey refers to these losses as “opportunity costs.”

As such, the survey finds the cost per compromised customer record was up over the previous year from $130 to $136. In the U.S., however, a slight cost decline per record was attributed to the appointment of chief information security officers (CISOs). These execs help implement incident response plans and stronger overall security programs.

“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” says Larry Ponemon, chairman of Ponemon Institute. “Employee behavior [is] one of the most pressing issues facing organizations today, up 22% since the first survey.”

“The importance of a well-coordinated, holistic approach is clear,” says Anil Chakravarthy, executive vice president of the Information Security Group, Symantec.

Highlights of the survey include:

  • Causes of data breaches differ among countries: German companies were most likely to experience a malicious or criminal attack, followed by Australia and Japan. Brazilian companies were most likely to experience breaches caused by human error, while those in India were most likely to experience a data breach caused by a system glitch or business process failure.
  • What types of cyber attacks cost the most? Malicious attacks are the most costly data incidents. Both U.S. and German companies experienced the most expensive data breach incidents, with the cost per compromised record standing at $277 and $214, respectively.
  • How to decrease costs: U.S. and U.K. companies experienced the greatest reduction in data breach costs since they have strong security measures and incident response plans, along with CISOs.
  • What increases costs: If breaches are caused by a third-party error or if they involve a lost or stolen device, costs increase. You have to alert and communicate with clients quickly, and also alert authorities in case clients’ credits or accounts are compromised.
  • Who spends the most on investigations? It turns out U.S. and German organizations spent the most on average ($565,020 and $353,927, respectively). Brazil and India spent the least ($53,063 and $22,232, respectively).
