Symantec report: Mistakes cause most security breaches -- not hackers

Summary:Before heaping all of the blame on cyber criminal methods, perhaps we should all step back and take some responsibility for security failures too.


When it comes to pointing fingers at who is to blame for major security breaches, maybe we should look back at ourselves first.

That's because according to Symantec's eighth annual Cost of a Data Breach report, mistakes made by employees lead to nearly two-thirds of data breaches.

The security giant argued in the report that while analysis and criticism about recent data breaches often focus on the methods of malicious attackers, critics often overlook (much to our detriment) the human factor.

Obviously, such mistakes — and the repetitiveness and negligence associated with them — are very expensive.

According to the study, the average number of breached records per organization was 23,647 with an average cost range of $130 to $136 per record.

Those costs were found to be much higher in Germany and the United States, where the averages jumped to $188 and $199, respectively.

Some other important lessons to learn from the report:

  • Brazilian companies were most likely to experience breaches caused by human errors, while Indian businesses were more likely to see breaches caused by system glitches.
  • German companies were more likely to experience problems due to malicious attacks, followed by Australia and Japan.
  • France and Australia had the highest rate of customer turnover following a data breach, while Brazil and India seem to have the most forgiving clients.
  • American companies said the greatest increase in data breach costs stemmed from a third-party error or even quick notification to data breach victims, regulators, and other stakeholders. U.K. companies pointed towards lost and stolen devices as the biggest culprits.
  • But U.S. and U.K. companies saw the greatest reduction in costs when they had strong response plans in place.
  • Furthermore, American and French businesses also saw reduced costs when they enlisted consultants for data breach remediation.

For reference, Symantec commissioned the Ponemon Institute to conduct the study over the course of 2012.

The independent research firm surveyed more than 1,400 people at 277 global organizations across the following nine countries: the United States, the United Kingdom, Germany, France, Australia, India, Italy, Japan, and Brazil.

Topics: Security, Big Data, Data Management, Legal, Social Enterprise


Rachel King is a staff writer for CBS Interactive based in San Francisco, covering business and enterprise technology for ZDNet, CNET and SmartPlanet. She has previously worked for The Business Insider,, CNN's San Francisco bureau and the U.S. Department of State. Rachel has also written for, Irish Americ... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.