Malicious or criminal cyber attacks are the most expensive cause of data breaches, and organizations have kicked up their efforts to better protect themselves from web assaults, according to a study by the Ponemon Institute.
One of the study’s top findings reveals that nearly one-third of all cases in the study involved a malicious or criminal attack, marking the first time malicious attacks were not the least common cause for breaches compared to previous years, the report said.
Breach costs for malicious attacks skyrocketed, the report said, with the average cost of a compromised record reaching $318, up $103 (48 percent) from 2009. The most expensive data breach in this year's study cost a company $35.3 million to resolve, while the least expensive data breach was $780,000.
While preventing malicious breaches is a top priority, only one cause of data breaches ““ negligence ““ was present in more than 40 percent of studied cases. The two most expensive breach types overall ““ those occurring to first-time victims and those caused by malicious or criminal attacks ““ happened less than one-third of the time.
The considerable cost increases in data breaches reiterate the “extreme danger hostile breaches pose,” the report said. However, it seems as if organizations are responding accordingly: More companies respond quickly (within 30 days) to handle the breach, and 45 percent of respondents said they had a CISO (or equivalent title) to manage data compromises.
As for post-remedial efforts, the report found that training and awareness programs remain the most popular solutions (63 percent), but encryption and other technologies are gaining more traction (61 percent).
Since 2008, technological solutions have seen the strongest growth while personnel and policy solutions have increased more slowly, a possible indication that companies continue to rely upon educating their workforce and enabling it to personally help stop future data breaches. At the same time, the report added, companies are increasingly aware of — and willing to adopt — technology to help prevent and mitigate breaches.