Data breach costs are continuing to have an impact on Australian companies with some organisations reporting a loss of $2.16 million, according to a new study from Symantec and the Ponemon Institute.
The 2011 Cost of Data Breach Study: Australia report was based on the findings of data breaches experienced by 22 Australian companies within 10 industry sectors.
The report found that both the cost per lost or stolen record and the total organisational cost of a data breach have increased in the past 12 months. In 2010, the cost per record was $128 and increased 8 per cent to $138 in 2011. The average total cost of a data breach increased from $2 million in 2010 to $2.16 million in 2011.
According to the study findings, 36 per cent of data breaches were caused by malicious or criminal attacks in 2011. These also proved to be the most expensive breaches with the highest per capita cost of $183 per record in 2011. Other causes of data breaches were identified as human negligence and system glitches, each accounting for 32 per cent of incidents.
“As local organisations embrace new technologies, businesses need to focus on processes, policies and technologies that improve their ability to prevent and detect data breaches,” Symantec Pacific vice president and managing director, Craig Scroggie, said in a statement.
“Taking steps to keep customers loyal and repair any damage to reputation and brand after a data breach has occurred, can help to significantly reduce the cost of a data breach.”
The study also found that lost or stolen devices were a common factor in Australian data breaches, impacting 32 per cent of respondents. Additionally, 36 per cent of companies surveyed said that their data breaches involved mistakes by third parties including outsourcers, Cloud providers and business partners.
Lost business costs relating to reputational damage, diminished goodwill and increased customer acquisition activities, increased 22 per cent from $690,000 in 2010 to $840,000 in 2011.
Scroggie added that many data breach incidents still go unreported in Australia, leaving customers unaware that their personal information has been compromised.
“It is important that Australia fast tracks the adoption of data breach notification laws which encourage business to minimise the likelihood of a breach rather than focusing on the aftermath,” he said.
Symantec was not the only security vendor to find evidence that most data breaches could have been prevented.
A Verizon report on data breaches, recently released, found that in a vast majority of attacks (80 per cent), hackers hit victims of opportunity rather than companies they sought out.
The Verizon findings suggest that while companies are spending increasing sums of money on sophisticated new security controls, they are also continuing to overlook fundamental security precautions.
Got a security tip-off? Contact Hamish Barwick at hamish_barwick at idg.com.au
Follow Hamish Barwick on Twitter: @HamishBarwick
Follow Computerworld Australia on Twitter: @ComputerworldAU