Study: Negligence Causes Most Data Breaches
But damage by outsiders can be even more expensive.
A just-released study concludes that the cost of data breaches to businesses is rising, both for breaches caused by internal negligence and for those caused by the actions of third parties.
The overall cost of data breaches is also rising. In 2008, the overall average cost to respondents was more than $6.6 million per breach, compared to $6.3 million in 2007 and $4.7 million in 2006, the study found. Actual costs ranged from $613,000 to almost $32 million.
The fourth annual U.S. cost of data breach study conducted by the Ponemon Institute detailed the dangers. The study, which covers 2008, was funded by encryption vendor PGP. It found that 88 percent of data breaches are caused by simple negligence on the part of staff.
The Ponemon study found that the cost of lost business makes up the bulk of the cost of data breaches, and has been going up steadily. Legal fees are rising as well.
For this study, the institute looked at 43 companies of varying size in 17 industry sectors, all of which had suffered a data breach. About 84 percent of them had suffered more than one data breach. The study took into account the cost of detection, escalation and notification, and of responding to a breach after it occurred.
"In 88 percent of companies where you had events resulting in significant data loss, these were attributable to people who were incompetent or negligent or didn't understand the rules of the road," Phil Dunkelberger, PGP's CEO, told InternetNews.com.
However, the 12 percent of breaches that were caused by third parties cost the respondents more than in-house breaches, Larry Ponemon, chairman and founder of the Ponemon Institute, told InternetNews.com. Per-victim costs for third-party breaches have gone up by $52, to $243 in 2008 compared with $192 in 2007, the study found.