Malicious attacks by hackers: At first they were an irritating oddity, but they’ve surged so much over the past few years that now they’re the most common cause of data breaches among U.S. companies. Because these incidents are hard to discover and combat, they’re also now the most costly form of loss.
As part of HBR’s “Data Under Siege” Insight Center, we present a few charts that show just how quickly malicious attacks, and their costs, are mounting. The most recent data comes from a 2013 study by the Ponemon Institute and Symantec of 277 companies that experienced losses or thefts of protected personal data.
First, a breakdown of the prevalence of three major types of data breaches — negligence (where did I put that flash drive?), system glitches (your company accidentally dumps its own data onto the public network, for example), and malice. As you can see, malice is winning.
Then there’s the cost issue: Malice has always been more costly than human or system error, and after a dip, its cost now appears to be rising yet again.
Data breaches are most costly for certain sectors: Among retailers and public-sector organizations, the cost of losses is well below the overall mean of $136 per record (an example of a record might be an individual’s name/address/Social Security number). But in heavily regulated industries such as health care, financial services, pharmaceuticals, transportation, and communications, the cost is substantially higher.
If there’s a silver lining in any of this, it’s that your company can help itself reduce the cost of a data breach by taking a few key steps, including creating the position of chief information security officer (CISO), instituting plans ahead of time, and mounting a strong response.