Symantec report: Mistakes cause most security breaches -- not hackers

Summary: Before heaping all of the blame on cyber criminal methods, perhaps we should all step back and take some responsibility for security failures too.


When it comes to pointing fingers at who is to blame for major security breaches, maybe we should look back at ourselves first.

That's because according to Symantec's eighth annual Cost of a Data Breach report, mistakes made by employees lead to nearly two-thirds of data breaches.

The security giant argued in the report that while analysis and criticism about recent data breaches often focus on the methods of malicious attackers, critics often overlook (much to our detriment) the human factor.

Obviously, such mistakes — and the repetitiveness and negligence associated with them — are very expensive.

According to the study, the average number of breached records per organization was 23,647 with an average cost range of $130 to $136 per record.

Those costs were found to be much higher in Germany and the United States, where the averages jumped to $188 and $199, respectively.

Some other important lessons to learn from the report:

  • Brazilian companies were most likely to experience breaches caused by human errors, while Indian businesses were more likely to see breaches caused by system glitches.
  • German companies were more likely to experience problems due to malicious attacks, followed by Australia and Japan.
  • France and Australia had the highest rate of customer turnover following a data breach, while Brazil and India seem to have the most forgiving clients.
  • American companies said the greatest increase in data breach costs stemmed from a third-party error or even quick notification to data breach victims, regulators, and other stakeholders. U.K. companies pointed towards lost and stolen devices as the biggest culprits.
  • But U.S. and U.K. companies saw the greatest reduction in costs when they had strong response plans in place.
  • Furthermore, American and French businesses also saw reduced costs when they enlisted consultants for data breach remediation.

For reference, Symantec commissioned the Ponemon Institute to conduct the study over the course of 2012.

The independent research firm surveyed more than 1,400 people at 277 global organizations across the following nine countries: the United States, the United Kingdom, Germany, France, Australia, India, Italy, Japan, and Brazil.

  • What a crook...

    Lying, stealing, scum sucking thieves are to blame, period, the end!
  • The order of blame is

    #1) Thief #2) Operating and network company who sold the defective software

    That's about it...
    Tony Burzio
  • Then there is the special place in the underworld...

    for the protection software vendor who charges you money to protect you, and the little buggers get through the security anyway. Might as well not even have bothered, it's so easy...
    Tony Burzio
  • Oh come on, let's admit it...

    Security violations are primarily a Windows problem. If Windows wasn't so buggy, the admins could probably keep up with the hackers...
    Tony Burzio
  • Symantec

    the first mistake is installing Norton products on your computers.
  • more smoke more bloat

    biggest piece of bloatware on a consumer PC is active anti-virus detection, and since most are now on the subscription basis they have become even worse on OEM machines and so much more annoying to remove. having something that's integrated into a web browser that lets you pick and choose what scripts run when visiting a website is a much better security measure than active anti-virus.