Organisations should be aware that dealing with a breach is becoming an increasingly costly endeavour, according to Symantec.
The caution comes by the way of Symantec’s recent 2011 Cost of Data Breach Study, which has found that the average cost of a data breach reported by Australian organisations has maintained an upward trend for the third year in a row.
For Symantec Pacific director of specialist solutions, Sean Kopelke, the increase in the overall cost of data breaches is significant when it is broken down into the two levels of cost per record and the overall total cost to an organisation.
“Both of them went up, with cost per record going from $128 to $138 in 2011, and total cost going from $2 million in 2010 to $2.16 million in 2011,” he said.
What Kopelke found interesting about this result was that the numbers in overseas regions such as the US. have “flatlined or gone down.”
“In Australia, organisations still spend a lot of their expenses in post-breach, such as mitigating the error, reaching out to customers, and fixing up the problem overall,” he said.
“When you look at the US and Europe, where they have data breach notification laws in place, a lot more of the investment has gone into preventing a breach from happening in the first place.”
As a result, Kopelke sees that contributing to the post-breach being “a lot lower on average,” as they’re happing “a lot less as well.”
“That really does highlight that there’s still a very strong and compelling reason why Australia should consider fast tracking legislation around areas of data breach notification,” he said.
Another key discovery in the report was that malicious or criminal attacks were the most common cause of data breaches in Australia.
According to Kopelke, the result does not surprise Symantec and the vendor foresees an increase in these types of attacks for the future.
“Traditionally, you saw a lot of data breaches and it was attributed to employee error, and it still happens,” he said.
“These days in can be very profitable to do a data breach, as there are well organised groups that are going in for malicious reasons to break in and hack into businesses and steal personal identification information to sell it.”
Due to this financially driven motivation, Kopelke feels that the malicious and criminal activities are the main cause, as they quite often happen on a larger scale.
“A well-planned malicious attack is not going to go in and steal some credit cards but in the thousands if not greater,” he said.
A common factor in local data breaches was also found to be lost or stolen devices, a fact that Kopelke attributes to the proliferation of gadgets among employees.
He points to the recent mobility survey that Symantec carried out and how it highlighted that organisations are “embracing mobility in a big way,” as they see the “business benefits for their employees.”
“They highlighted security as an area of concern, along with data leakage,” he said.
“But that aside, organisations understand that there are ways to address that, so lost devices will remain an area on the increase, as there are so many more devices and over 70 per cent of organisations have started putting business applications onto tablets and mobile devices.”
As more confidential information is going to find its way onto these devices, and with people having two or three of them, so there is now a larger chance of losing a device and having it end up in someone else’s hands.
“It will continue to be an area that business have to address from a data breach point of view, and the cost is always going to be lower if they invest into how to stop it from happening in the first place than after the fact,” Kopelke said.
As a result, he expects this area will continue to grow in awareness over the next couple of years.