Employee mistakes cause more data breaches, but cyber attacks involving malware or spyware carry a higher cost to corporations, according to a review of over 1,500 data breaches conducted by Beazley Group.
“With more information being stored electronically and in the cloud, the risk of data breaches is growing,” said Katherine Keefe, head of Beazley Breach Response (BBR) Services. “Consumers expect their privacy will be protected, and a data breach can have serious reputational and financial impact.”
Employees are far more likely to either send emails and faxes to the wrong party (31 percent of breaches) or to simply lose physical records (24 percent), Beazley learned from analyzing its collected data. The firm, which offers data breach incident response services, released its findings at a recent International Association of Privacy Professionals’ (IAPP) event.
Healthcare organizations are particularly susceptible to lost physical records, Beazley noted.
While malware- or spyware-related breaches accounted for only 11 percent of breaches in 2013 and 2014, the number is growing (by 20 percent between 2013 and 2014), and such attacks generally produce significant forensic investigation costs. Those costs to discover the source of the attack usually bump the overall cost of the breach to 4.5 times higher than that of unintended data disclosure.
Over 14 million people were affected by the data breaches Beazley handled for clients. Businesses also run the risk of harm to their public image or reputation, according to an Economist Intelligence Unit survey which found that 38 percent of individuals affected by breaches said they no longer conducted business with the at-fault organization. Another 46 percent said they would warn their family and friends against sharing data with the organization.
“The majority of data breaches are avoidable with appropriate training and security measures in place,” said Keefe, noting the need for encryption services for both large-scale computer networks and mobile services.
“Understanding the cause and extent of the breach is a critical step in any breach response,” stated Steve Visser, managing director of disputes and investigations at Navigant Consulting Inc, a partner to Beazley’s BBR Services. “We have seen companies react too quickly without fully understanding the breach. That could result in them misinforming their customers or the public.”