Cost of a Security Data Breach Rises According to 9th Annual Ponemon Institute Study

The “Cost of Data Breach Study” (sponsored by IBM) was recently conducted and published by Ponemon Institute. Close to 300 organizations from eleven countries participated in this year’s study. There are some important findings for security professionals.

Data breaches are becoming increasingly common around the world. It seems like we hear of a major breach every other week, and who knows how many we don’t hear about. A major data breach can cost large companies millions of dollars in lost records, and then in the research into what happened, why it happened, and what to do to prevent future attacks. But the highest cost of all is that of losing a customer forever.

The study asked some key questions of the participating organizations, including:

    • What is the cost of a data breach?
    • What are the main causes of a data breach?
    • What types of attacks result in the highest data breach costs?
    • What is being done to reduce the cost of a potential breach?
    • Which threats pose the greatest concern?
    • How effective are the current methods being used to avoid breaches?

With up to nine years of data to work with, this annual Cost of Data Breach Study conducted by Ponemon offers detailed trending information on the cost of a data breach. The cost measurement includes direct, indirect and opportunity costs associated with an organization’s response to the theft or loss of personal information.

Some overall important findings include:

  • Most countries saw an uptick in both the cost per stolen or lost record and the average total cost of a breach.
  • The average cost of a data breach has increased 15% to $3.5m.
  • The cost of each stolen sensitive and confidential data occurrence has increased 9% to $145
  • Fewer customers remain loyal after a breach, particularly in the financial services industry.
  • For many countries, malicious or criminal attacks are the most frequent root cause of the data breaches.
  • Having business continuity management involved in the remediation of a breach can help reduce the cost.

Root Causes of a Data Breach

Some country-specific findings include:

  • US and German respondents reported the costliest breaches, costing $201 and $195, respectively. India and Brazil reported the lowest, costing $51 and $70, respectively.
  • The countries most likely to face a data breach include India, Brazil and France.
  • Data loss cost companies the most customers in France and Italy, while the fewest customers were lost by companies in Brazil and the Arabian region.
  • The main cause of a data breach differs from country to country:
    • Malicious or criminal attack was the most frequent cause in Germany and the Arabian countries.
    • System glitch is the main cause of breaches in India.
    • Human error is the main cause of breaches in the UK and Brazil.
  • Malicious attacks were the costliest type of attack. Organisations in the US and Germany paid the most, at $246 and $215 per compromised record, while companies in India and Brazil paid the least, at $60 and $77 per compromised record, respectively.

Recommendation:

  • As a preventive measure, companies should have a crisis management and data breach response plan in place. The research shows that an efficient and swift response to the breach, and containment of the damage, reduces the cost of a breach significantly.

To download the complete report please use the following link: www.ibm.com/services/costofbreach

Enterprise Security: 10 Experts Who Tweet and Blog

For the HorizonWatching Trend 2014 report, Enterprise IT Security Trends to Watch in 2014, I wanted to provide a list of people who are active on social networks and are talking about issues related to Enterprise IT Security.

So I did some research on Twitter to find people with large numbers of followers who were talking about the Enterprise Security topic. I would not necessarily call these people influencers, but they do have extensive reach. When they tweet, they have the potential to reach many people. In addition to being active on Twitter, these people are all on LinkedIn (link to their profile provided below), and all of them blog as well. In my trend report, I provide links to their blogs.

These people are all producing and sharing thought leadership and opinions about the current and future state of enterprise security.

Below I provide a list of ten people (a subset of the full list of 20 people you will find in Enterprise IT Security Trends to Watch in 2014). If you are in the Enterprise Security area, I’d suggest following these people, checking out their blogs, and perhaps striking up a relationship with them.

| Name (LinkedIn) | Title & Company | Twitter ID |
|---|---|---|
| Eugene Kaspersky | CEO and Co-Founder, Kaspersky Lab | e_kaspersky |
| Mukesh Sharma | CEO & Founder, iHackers | iHackers |
| Brian Krebs | Founder, Krebs on Security LLC | briankrebs |
| Bruce Schneier | Fellow, Harvard Law School | schneierblog |
| Jeremiah Grossman | CTO, WhiteHat Security, Inc. | jeremiahg |
| Chris Wysopal | CTO, Veracode | WeldPond |
| Angela Orebaugh | Fellow, Booz Allen Hamilton | AngelaOrebaugh |
| Mohit Kumar | Senior Executive at Deloitte | unix_root |
| Rich Mogull | Security Editor, TidBITS | rmogull |
| Dan Philpott | Founder, FISMApedia | danphilpott |

32 Articles Discussing IT Security Trends for 2013

Security is one of the most important long-term trends happening in the Information Technology industry today.

There are so many challenges facing enterprise I.T. departments, many of which were just not a major challenge 10 years ago. The advent of cloud, mobile, social, big data, and other digital trends is taxing even the most secure enterprise I.T. infrastructure. Enterprise IT systems are sending and receiving more information to and from partners, customers and external stakeholders over a wide variety of networks. In addition to those disruptive and emerging technology trends, the criminals and hackers out there are getting more and more sophisticated in their planning of cyber attacks.

Today, our world’s infrastructure is both more sophisticated and more interconnected than ever before – linking vast amounts of information and services in new ways, but also introducing more security complexities and challenges in roughly equal proportion. For this reason, it is no longer enough for organizations, or even entire governments, to try to address security strictly within their own enterprises.

The list below contains 32 articles and blog posts I found recently that discuss the important 2013 trends to watch out for within the overall I.T. Security topic.  Read a few of these and you will get a good idea of what challenges await CIOs and their staffs in 2013.



| Source | Title of Article / Blog Post |
|---|---|
| BizTech2.com | Key Security Predictions For 2013: Kaspersky Lab |
| BizTech2.com | McAfee’s Top 10 Threat Predictions For 2013 |
| BizTech2.com | Verizon’s Data Breach Predictions For 2013 |
| ComputerWeekly | Security Predictions for 2013 |
| CSO Online.com | Global Information Security Survey 2013: Breaches, BYOD – and boy bands |
| CTO.Vmware.com | Beyond SDNs – Networking & Security in 2013 |
| CXOToday.com | Top 10 enterprise security predictions from McAfee |
| eWeek | BYOD, Social Media Among Top Security Threats of 2013 |
| Forbes | The Biggest Cybersecurity Threats of 2013 |
| Fortinet | Fortinet’s FortiGuard Labs Reveals 2013 Threat Predictions |
| Frost & Sullivan | Frost & Sullivan Advocates New Strategies Against Advanced Cyber Threats |
| F-Secure | F-Secure’s Top 7 Predictions for 2013 (If the Internet as We Know It Still Exists) |
| F-Secure | Seven Predictions for 2013 |
| InformationWeek | 7 Top Information Security Trends For 2013 |
| Insurance Networking News | Top 10 IT Security Trends for 2013 |
| Microsoft | Using the Past to Predict the Future: Top 5 Threat Predictions for 2013 |
| RSA’s Art Coviello | 8 Computer Security Predictions For 2013 |
| SCMagazine | Top 7 end-user security priorities for 2013 |
| Security Sales & Integration | 2012 Top Technology Innovations |
| Softpedia | Top 5 Security Predictions for 2013 from ISF |
| Symantec | Top 5 Security Predictions for 2013 from Symantec |
| Telecomasia.net | Cybersecurity predictions for 2013 |
| The Guardian | Data privacy predictions for 2013 |
| The Guardian | Five trends that will reinvent your approach to cyber risk in 2013 |
| ThreatMetrix | Top Cybersecurity Trends and Risks For 2013 Identified |
| Trend Micro | Security Threats to Business, the Digital Lifestyle, and the Cloud |
| Trend Micro | Trend Micro Predictions for 2013 and Beyond: Threats to Business, the Digital Lifestyle, and the Cloud |
| Trend Micro | Trend Micro Releases Security Predictions for 2013 & Beyond |
| Venturebeat | 6 big cybersecurity predictions for 2013 |
| Virtualization Review | 3 Predictions for the Data Protection Industry in 2013 |
| Watchguard Technologies | WatchGuard Reveals Top Security Predictions for 2013 |
| Websense | 2013 Security Predictions |