When most of us consider the top causes of data breaches, we tend to focus on malicious attacks.
We imagine shadowy figures who launch malware and phishing emails, or who install backdoors and keystroke loggers, from a dark bunker far away.
But did you know that roughly half of data breaches may be caused by other problems – such as system glitches or human error?
The 2017 Cost of Data Breach Study from Ponemon Institute looks at the average total cost of data breaches at 419 organizations in 11 countries, and also the root causes of those breaches.
We dug into the data and found the insights below.
The root causes of data breaches are grouped into three categories in the Ponemon study – and “malicious or criminal attack” tops the list.
Because these attacks account for almost half of the total, one might assume an organization is almost twice as likely to experience a data breach caused by a malicious or criminal attack rather than by human error.
Why do attackers do this? Their motives can vary.
Here are three common attack motives from the 2017 Verizon Data Breach Investigations Report:
Causing 28% of the data breaches reviewed in the study, human error is perhaps the most exasperating cause of data breaches because it’s the most preventable.
Examples of the ways human error can lead to data breaches include:
About one-quarter (25%) of the data breach causes reviewed in the study were system glitches, or sudden breaks in the continuity or function of a system.
A glitch can occur for an infinite number of reasons.
For example, a software update may inadvertently expose records to the public.
In Oct. 2016, this happened to a state government system in Michigan, exposing the records of 1.9 million people for the following four months.
Other examples of glitches include:
Malicious or criminal attacks are the most expensive cause of data breaches reviewed in the study.
According to Ponemon, each malicious attack cost an average of $156 per compromised record (aka “per capita cost”).
System glitches that result in a data breach cost less – only $128 per record on average.
The least expensive cause of data breaches on average was human error, with a per capita cost of $126.
Data breaches are most expensive in the United States and least expensive in India, according to the report.
In India, the average cost of a data breach was $64 per record.
In the U.S., the average was $225 – that’s 250% higher!
The report’s authors note several reasons why data breaches are so costly in the U.S.
Data breaches are expensive in every country, but especially in the U.S. Investments in cyber security are essential to keeping these costs under control.
Rather than viewing the investments as an expense, the wisest organizations will realize that the costs of failing to secure their networks will far outweigh the costs of protecting them.
Ponemon 2017 Cost of Data Breach Study
Top 4 Insights from Verizon Data Breach Report 2017
Top 3 causes of HIPAA violations and their simple solutions
Calyptix Report on How to Protect Your Business from Ransomware