Human errors and system glitches caused two-thirds of data breaches in 2012, which, on average, cost companies about US$136 per compromised record. However, data breaches caused by malicious attacks remain the most costly for companies worldwide.
This infographic based on the Symantec and Ponemon Institute 2013 Cost of Data Breach Study analyses data breaches in 2012 from 277 companies in nine countries, including the US, the UK, France, Germany, Japan and Australia.
This eighth annual global report finds that the average cost of a data breach per record in 2012 increased from the previous year, and 64pc of these breaches were the result of employee mistakes and system errors.
The average cost of a data breach varies widely worldwide, but the US and Germany suffer the most at US$188 and US$199 per record, respectively. The total cost per incident in Germany was US$4.8m and in the US was US$5.4m. Despite being the highest figure of the lot, this shows a slight decline in data breach costs for the US, which has been attributed to the appointment of chief information security officers.
Criminal attacks make for the most costly data breaches worldwide, accounting for 37pc. German companies are most likely to experience a malicious attack such as this, followed by Australia and Japan.
However, application failures, inadvertent data dumps, logic errors in data transfer, unauthorised access and data recovery failures also contributed to data breaches in 2012, as did employee mishandling of confidential data, lack of system controls and violations of both industry and government regulations.
“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, chairman of the Ponemon Institute. “Eight years of research on data breach costs has shown employee behaviour to be one of the most pressing issues facing organisations today, up 22pc since the first survey.”
According to previous research, 62pc of employees think it’s okay to transfer corporate date outside the company and the majority never delete this data, leaving it vulnerable to leaks.