Aug 15, 2013

Are Employee Errors Elevating Your Data Breach Risk?

People make mistakes and the results can be catastrophic. A new study by the Ponemon Institute and Symantec now tells us employee error is more often to blame for the catastrophe of a data breach than hackers, malware or other malicious acts.

The 2013 Ponemon Cost of a Data Breach Report found that two-thirds of all data breaches are the result of human error. Conversely, malicious attacks account for just slightly more than a third (37 percent) of all data breaches, the report reveals.

Your own employees, despite their good intentions, can open the door to a data breach in a number of ways, including:

  • Mishandling sensitive information
  • Failing to protect devices that contain or can access sensitive information (for example, leaving an unsecured laptop in an employee’s car)
  • Failing to properly dispose of sensitive documents by cross-cut shredding
  • Failing to use existing safety measures such as antivirus software, firewalls and encryption
  • Neglecting to follow a company’s existing cyber security plan

The report underscores the emerging reality of business in the digital age: it’s almost impossible to avoid a data breach. We can’t overstate the potentially catastrophic impact a data breach can have on a company, from a tarnished brand identity and loss of reputation to customer disillusionment and even regulatory fines.

Preventive measures are vital, but so is having a response plan to deal with the aftermath of a data breach. A breach response plan can limit the costs of a data breach, and ensure any breaches are smaller in scope and more easily detected. The Ponemon/Symantec report bears this out.

According to the report, preventive measures can slash data breach costs by a total of $36 per record, including $13 per record for having an incident response plan in place prior to a breach.

A data breach response plan goes a long way towards mitigating breach costs. A response plan gives businesses the opportunity to bolster customer confidence and satisfaction with a speedy, effective response. By offering breach victims identity protection as part of your response plan, you not only protect customers, you protect your business reputation and your bottom line.

A Carnegie Mellon study found that providing credit monitoring to victims after a data breach makes a company’s risk of being sued six times lower than if they do nothing – even in cases when a victim has suffered financial harm as a result of the breach.

Resource links:

Ponemon/Symantec report: http://www.symantec.com/about/news/resources/press_kits/detail.jsp?pkid=ponemon-2013

Carnegie Mellon study: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1986461&download=yes

 

 

Legal Notice: The information you obtain herein is not, nor intended to be, legal advice. We try to provide quality information but make no claims, promises or guarantees about the accuracy, completeness or adequacy of the information contained. As legal advice must be tailored to the specific circumstances of each case and laws are constantly changing, nothing provided herein should be used as a substitute for the advice of competent legal counsel.
