PwC recently conducted a survey of organizations in the UK about cyber security incidents. In the 2015 Information Security Breaches Survey, commissioned by the Department for Business, Innovation and Skills (BIS), it’s clear that security breaches continue to rise and also that the average cost per breach is rising even more quickly.
According to the survey, 90% of large organisations reported that they had suffered a security breach, up from 81% in 2014; small organizations also faced a drastic rise in security breaches, with nearly three-quarters affected in the past year. For a large organization, the ‘starting point’ for breach costs (including business disruption, lost sales, recovery of assets, and fines & compensation) is £1.46 million ($2.28 million), up from £600,000 the previous year. The higher-end of the average range also more than doubles, at £3.14million (from £1.15 in 2014). Similarly, Ponemon Institute noted that the average cost of a data breach per organization is now $3.79 million, a global average cost which has year-to-year been on the rise.
As we’ve seen with many reports this year, people are as likely to cause a breach as viruses and other types of malicious software. 50% of the worst breaches in 2014 were caused by inadvertent human error, up from 31% the previous year. The survey offers addition insights into potential causes for severe data breaches, including a lack of understanding of security policies and insufficient priority on security by senior management. It’s an interesting read.
In order to manage these data security risks, so often impacted by people within the organization, we advocate for a 3-pronged approach to mitigate security risks, including Education, Policies and Layered Technology solutions to secure devices, which we outline in our own whitepaper, The Enemy Within - Insiders are still the weakest link in your data security chain. Absolute DDS can help your organization plug the security holes created by mobility and human error. Our unique Persistence technology offers an important layer to any data security strategy and helps mitigate the risk of human error, rogue employees, and cybercrime. Learn more at Absolute.com