Data breaches are getting costly for companies who do not sufficiently protect their infrastructure, according to one report.
The report, from security software firm Symantec, says data breaches can cost companies on average $7.2 million per year and an average of $214 per compromised record. These numbers -- compiled from data breach experiences of 51 U.S. companies from 15 different industry sectors -- are up from last year when they cost companies $6.8 million.
The study, which was conducted by the Ponemon Institute, a research firm, found the rising costs are due to rapid responses. The response to data breaches is costing companies 54 percent more per record than companies that moved more slowly.
We continue to see an increase in the costs to businesses suffering a data breach, Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement. Regulators are cracking down to ensure organizations implement required data security controls or face harsher penalties. Confronted with both malicious and non-malicious threats from inside and outside the organization, companies must proactively implement policies and technologies to mitigate the risk of costly breaches.
Naturally, there is a reason for the increasing cost of data breaches -- malicious attacks are on the rise. This year's study saw 31 percent of all cases involved a malicious or criminal act, up seven points from 2009 and averaged $318 per record, up 43 percent.
Negligence remained the most common threat according to the report. Breaches due to negligence were up one point to 41 percent and averaged $196 per record, up 27 percent from 2009. The biggest problem is the lack of training and awareness within organizations. Symantec says the number of respondents who use training and awareness programs after data breaches is down four points from 2009.
Securing information continues to challenge organizations at all levels, but the vast majority of these breaches are preventable, Francis deSouza, senior vice president of Symantec's Enterprise Security Group, said in a statement. Organizations must not only protect the data itself wherever it is stored or used, but also create a culture of security including training, policies and actions.
To contact the reporter responsible for this story call (646) 461 6920 or email firstname.lastname@example.org.