Symantec report: Mistakes cause most security breaches -- not hackers

Before heaping all of the blame on cyber criminal methods, perhaps we should all step back and take some responsibility for security failures too.
Written by Rachel King, Contributor on

When it comes to pointing fingers at who is to blame for major security breaches, maybe we should look back at ourselves first.

That's because according to Symantec's eighth annual Cost of a Data Breach report, mistakes made by employees lead to nearly two-thirds of data breaches.

The security giant argued in the report that while analysis and criticism about recent data breaches often focus on the methods of malicious attackers, critics often overlook (much to our detriment) the human factor.

Obviously, such mistakes — and the repetitiveness and negligence associated with them — are very expensive.

According to the study, the average number of breached records per organization was 23,647 with an average cost range of $130 to $136 per record.

Those costs were found to be much higher in Germany and the United States, where the averages jumped to $188 and $199, respectively.

Some other important lessons to learn from the report:

  • Brazilian companies were most likely to experience breaches caused by human errors, while Indian businesses were more likely to see breaches caused by system glitches.
  • German companies were more likely to experience problems due to malicious attacks, followed by Australia and Japan.
  • France and Australia had the highest rate of customer turnover following a data breach, while Brazil and India seem to have the most forgiving clients.
  • American companies said the greatest increase in data breach costs stemmed from a third-party error or even quick notification to data breach victims, regulators, and other stakeholders. U.K. companies pointed towards lost and stolen devices as the biggest culprits.
  • But U.S. and U.K. companies saw the greatest reduction in costs when they had strong response plans in place.
  • Furthermore, American and French businesses also saw reduced costs when they enlisted consultants for data breach remediation.

For reference, Symantec commissioned the Ponemon Institute to conduct the study over the course of 2012.

The independent research firm surveyed more than 1,400 people at 277 global organizations across the following nine countries: the United States, the United Kingdom, Germany, France, Australia, India, Italy, Japan, and Brazil.

Editorial standards