Data breaches from employee carelessness can be substantial
The 2015 Cost of Data Breach Study: United States released by IBM and Ponemon Institute is the 10th release focusing on cost of data breaches for US companies. Key findings include the total average cost paid by breached organizations has increased from $5.4 million to $6.5 million. The average cost for a stolen record has increased from $201 to $217, of which $74 represents direct costs and $143 indirect costs.
We have already reported that 90% of security incidents are still be tied back to people behavior, reinforcing the need for employee training and awareness to reduce security incidents and data breaches (whether from lost devices or phishing attacks).
As data breaches and stories of identity theft feature more frequently in the news, organizations are increasingly demanding better protection of the security of their personal information. Abnormal customer turnover ends up being a substantial contributor to higher costs of a data breach – demonstrating the effect reputational damage can have; as customers will take their business elsewhere. This helps explain why 20% of security professionals claim their organization had concealed a data breach.
Concealment can be not only illegal, but unethical. And an organization that has to to notify affected customers, district attorneys, or consumer reporting agencies of a data breach, will see significant costs increases.
- An incident response plan and team.
- Extensive use of protection of devices.
- BCM involvement.
- CISO leadership.
- Employee training.
- Board-level involvement
