Symantec and the Ponemon Institute release 2013 Cost of Data Breach Study: Global Analysis

Jun 5, 2013 22:01 GMT

Symantec and the Ponemon Institute have published the 2013 Cost of Data Breach Study: Global Analysis, a report that analyzes the losses recorded by organizations that have suffered breaches.

The study – which is based on feedback from 277 companies from nine countries – shows that the average cost of data breaches varies from one country to another.

Data breaches are the most costly in Germany and the United States. In Germany, the cost per compromised data record is $199 (€152), with the highest total cost per data breach being $4.8 million (€3.6 million).

As far as the US is concerned, the cost per compromised data record is $188 (€143), the highest total cost per data breach being $5.4 million (€4.1 million).

“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” said Larry Ponemon, chairman, Ponemon Institute.

“Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22 percent since the first survey.”

The study also shows that mistakes made by people and systems are the main causes of data breaches. In total, they account for 64% of incidents.

However, it’s worth noting that the most costly breaches are the ones carried out by malicious and criminal actors.

In fact, if malicious actors are involved, the cost per compromised record increases to $277 (€211) in the US. In countries such as Brazil and India, the cost per compromised record in the case of malicious attacks is $71 (€54) and $46 (€35), respectively.

“Given organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear,” said Anil Chakravarthy, executive vice president of the information security group, Symantec.

“Companies must protect their customers' sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center.”

The complete report is available for download (registration required).