Media releases are provided as is by companies and have not been edited or checked for accuracy. Any queries should be directed to the company itself.

Symantec Survey Reveals Australian Businesses Exposed To Data Breaches, Compromising Confidential Information

Symantec today announced the results of its survey into the prevalence, causes and costs of data breaches experienced by Australian businesses. The survey found that Australian organisations are losing critical customer records, employee details and intellectual property to data breaches caused by human error as well as the loss of laptops and other portable devices.
  • 23 October, 2008 10:29

<p>Lost Mobile Devices and Human Errors are Leading Causes of Data Loss</p>
<p>SYDNEY, Australia – 22 October 2008 – Symantec Corp. (Nasdaq: SYMC) today announced the results of its survey into the prevalence, causes and costs of data breaches experienced by Australian businesses. The survey found that Australian organisations are losing critical customer records, employee details and intellectual property to data breaches caused by human error as well as the loss of laptops and other portable devices.</p>
<p>Commissioned by Symantec, the survey revealed that more than 79 percent of Australian organisations who responded have experienced some form of data breach and approximately 40 percent have experienced anywhere from six to 20 known data breaches in the past five years. In addition, 59 percent of respondents suspected they have experienced undetected data breaches, demonstrating that respondents were aware of information leaving the organisation but they could not discover what information and how this information was leaving the business.</p>
<p>The survey found that respondent Australian businesses were most prone to losing customer records (55 percent); employee records (48 percent); intellectual property (43 percent); commercially sensitive information (35 percent); bank and credit card details (21 percent) as well as financial information (20 percent).</p>
<p>Primary Causes of Data Breaches
Survey respondent’s results revealed the primary cause of data breaches was lost laptops at 45 percent; accidental human error at 42 percent; lost mobile phones or portable devices at 30 percent; hacked systems at 29 percent; actions by malicious insiders at 28 percent; paper records leaving an organisation at 26 percent; and malicious code infiltrating systems at 24 percent. Interestingly third party or outsource suppliers were the least reported reasons for the cause of a data breach.
“Today’s organisations have no walls and information can be anywhere, so securing the perimeter is no longer adequate. Additionally, many organisations believe that confidential information is most at risk from malicious acts when employees are mobile and not connected to the corporate network,” said Craig Scroggie, vice president and managing director, Symantec, Australia and New Zealand. “To reduce the risk and impact of data loss, organisations must first answer three critical questions - where is your confidential data; how is the data being used; and how do you best prevent its loss.</p>
<p>“With the proposed amendments to the Federal Privacy Act, Australian businesses are becoming more aware of their obligations to secure and manage customer, employee and company confidential information. However, easy access to and dissemination of the growing volume of information together with an increasingly mobile workforce means Australian organisations are finding it harder than ever to prevent the loss of sensitive data,” Scroggie added.</p>
<p>Keeping Confidential Information Confidential
Approximately 45 percent of the survey participants acknowledged that there had been an incident within their organisation where company secrets or intellectual property were intentionally comprised. The survey sought to discover how this information was leaving the organisation. Revealingly, 77 percent stated this information was compromised by data copied to a removable storage device; 51 percent indicated that printed paper records were removed from the premises; 41 percent found that information was distributed externally via email or instant messaging; 26 percent stated that confidential information was posted on public websites; and 21 percent leaked information by copying or photographing confidential data onto a mobile phone or PDA.</p>
<p>The Cost of Data Breaches
The average financial cost of a single data breach to an organisation was wide-ranging with seven percent of respondents estimating the cost of a data breach to be more than more than AUD$1 million and 14 percent estimating the cost to be between $100,000 – $999,999. In contrast, the survey results indicated some 34 percent of organisations spent less than $4,999 on a data breach; 24 percent between $5,000 –$10,000 and 21 percent between $10,001- $99,999.</p>
<p>“While data breaches can be very costly in financial terms, they also come at a price to the business’ reputation and customer confidence,” said Steve Martin, Mid-Market manager, Symantec, Australia and New Zealand. “Australian organisations indicated loss of reputation and brand as well as decreased customer loyalty and trust as significant business costs caused by data breaches at 44 percent and 42 percent respectively. Furthermore, Australian business also reported loss of customers; decreased revenue and decreased staff morale as additional costs to their business.”
Technology Measures to Prevent Data Loss
The organisations surveyed employed a range of technology measures to protect their confidential information. Data encryption was the more common technology measure to prevent data breaches at 46 percent, followed closely by the implementation of security policies such as password protection processes at 45 percent. Data loss prevention technology (38 percent); identity and access management technology (37 percent); and endpoint security (24 percent) were other key technology measures which companies adopted to prevent the loss of sensitive data.</p>
<p>“Businesses today are caught between allowing their staff to use and leverage corporate information to improve performance and productivity while also locking it down to prevent accidental or malicious data breaches,” said Martin. “Organisations should look to implement a comprehensive data loss prevention solution that effectively lowers risk by enabling them to discover, monitor, and protect confidential data wherever it is stored or used. Once this data is identified, the solution should enable organisations to protect it by automatically applying data protection policies through integration with data encryption, storage tiering and archiving systems.”</p>
<p>Key Recommendations
To minimise the exposure to data loss, Symantec recommends that organisations identify and classify risks for all critical information. Organisations should proactively develop information protection policies and deploy technologies that integrate into business processes while addressing privacy and regulatory compliance. An effective data loss prevention strategy should involve multiple groups in the business, such as legal and human resources, in addition to the information technology department. Additionally, human error can be reduced by educating employees on the value of their company’s information assets and their role in protecting sensitive data. With heightened awareness, employees can become a company’s strongest line of defence and its most valuable security ally.</p>
<p>About Data Loss Prevention
Data Loss Prevention is the combination of people, processes and technology focused on preventing confidential information or other sensitive data from leaving an organisation. Whether it is personally identifiable information such as customer or employee records, proprietary corporate data such as financial statements or marketing plans etc, confidential data represents a valuable asset that must be carefully secured and managed.</p>
<p>Symantec Data Loss Prevention delivers a unified solution to discover, monitor and protect confidential data. Symantec solutions offer comprehensive coverage of confidential data across endpoint, network and storage systems - whether the users are on or off the corporate network. By measurably reducing risk, Symantec gives organisations new confidence to demonstrate compliance while protecting their customers, brand and intellectual property.
About the Symantec Data Loss Prevention Survey
The Data Loss Prevention Survey was an online survey conducted by Bread and Butter Research and commissioned by Symantec in September 2008. The first of its kind for Symantec in Australia, the survey reached 156 qualified respondents across Australia with 100 or more employees within their company. The survey was completed largely by IT managers from a variety of industry sectors and also had a fair representation of CEOs, CIOs, CISOs, CROs and line of business managers. The majority of respondents represented businesses with a financial turnover of $10-$500 million.</p>
<p>About Symantec
Symantec is a global leader in providing security, storage and systems management solutions to help businesses and consumers secure and manage their information. Headquartered in Cupertino, Calif., Symantec has operations in more than 40 countries. More information is available at www.symantec.com
###</p>
<p>NOTE TO EDITORS: If you would like additional information on Symantec Corporation and its products, please visit the Symantec News Room at http://www.symantec.com/news. All prices noted are in U.S. dollars and are valid only in the United States.</p>
<p>Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.</p>
<p>Contacts:
Debbie Sassine
Symantec
+61 2 8220 7158
debbie_sassine@symantec.com</p>
<p>Angela Coombes
Max Australia
0404 065 497
Angela.coombes@maxaustralia.com.au</p>

Most Popular