In a fast-moving digital world that we are currently living in, our data and information is constantly at risk of being exposed or compromised. For government agencies, maintaining strict governance policies and educating users is essential. Government agencies collect a variety of data on citizens, from the day we are born and throughout our entire lives, we are submitting personal data and information to government institutions.
That’s why I was fascinated to read through the Symantec and the Ponemon Institute annual study, 2013 Cost of Data Breach: Global Analysis report. Protecting data from breaches is a fundamental requirement for both public and private sector organizations. The study is the eighth annual benchmark study exploring the cost of a data breach across nine countries. The study includes an analysis of data breaches in the United States, United Kingdom, Germany, France, Australia, India, Italy, Japan and Brazil.
Symantec and Ponemon Cost of Data Breach: Global Analysis Report
- Symantec and Ponemon Institute release annual study, 2013 Cost of Data Breach: Global Analysis Report
- Eighth annual study exploring cost of data breaches in nine countries
- Human error and system glitches account for nearly two-thirds for data breaches
Though this study presents data from across the globe with participation from multiple industries, these findings provide great insight and relevancy to the US Government. Some key statistics were:
- The average per record cost of data breach increased from $130 to $136
- In 2012 the average number of records per breach was 23,647
- The cost per record for the US was at $188
- The US had the highest total cost per breach at 5.4 million
While headlines revolve around malicious and criminal attacks, an interesting result from the study finds that nearly two-thirds of data breaches are the results of either human error or system glitches, while malicious or criminal attacks are responsible for only a third of data breaches. Each threat found in the report is highlighted below.
Human error
The study finds that human error is a significant factor leading to a data breach. This can also include disgruntled employees who may leak information or intentionally distribute confidential information.
In order to mitigate the risk of human error, government agencies must focus on sound training and governance policies. Proper training and strict rules on how to access data, code data and carefully monitor accessibility are essential steps to reduce human error. Symantec also recommends that an agency have a Data Loss Prevention (DLP) technology in place.
System glitch or business process failure
System glitches include application failures, inadvertent data dumps, logic errors in data transfers, identity or authentication failures (wrongful access), data recovery failures, and more. Organizations must be sure that they have updated all software, run diagnostic tests and make sure that systems are reliable and secure.
Malicious or criminal attack
The study finds that malicious or criminal attacks were the most expensive for countries. For US companies, the cost per record was $277 for a breach that was caused by a malicious or criminal attack.
Government agencies are constantly at risk of being attacked, whether it’s seeking to expose data for financial gain, disrupt government activity, or for political motives. Due to this, agencies must focus on taking care of all the low-hanging fruit for security. This means being sure passwords are secure, updating security patches and being sure that they are assessing vulnerabilities to systems.
You can view the full Symantec and Ponemon report here. There are lots of interesting data points covered in the report, and the study gives a thorough overview of the costs associated with data breaches.
Want More GovLoop Content? Sign Up For Email Updates
Symantec protects the world’s information, and is the global leader in security, backup and availability solutions. Their innovative products and services protect people and information in any environment – from the smallest mobile device, to the enterprise data center, to cloud-based systems. Their industry-leading expertise in protecting data, identities and interactions gives their government customers confidence in a connected world. More information is available on Symantec’s GovLoop Page.
Sorta related and I believe a very important related cost; the leaking of data intentionally