According to the 2018 Cost of a Data Breach Study, a recent data security study conducted by Ponemon Institute and funded by IBM, about 25 percent of all U.S. data breaches were attributed to negligence, which includes failing to properly erase data from devices. In fact, the study reports negligent breaches are about half as frequent as criminal breaches.
Breaches of this nature are increasing in frequency and are costing companies more to manage. Data breaches cost U.S. organizations about $7.9 million per year. Costs vary by breach cause, with negligent breaches costing roughly $128 per compromised record. Breaches caused by system glitches or malicious attacks had even higher costs.
Another factor that can affect costs is the industry. For example, those associated with data breaches in the healthcare sector are nearly double the costs for financial industry breaches. In fact, breaches in the public sector came in with the lowest costs.
Besides rising costs, the study found the average size of data breaches increased by 2.2 percent (the size refers to the number of records in a breach). The U.S. was among the countries with the largest average number of breached records, according to the report.
According to ITAD company Cascade Asset Management, the report highlights “the importance of investing in preventative programs that mitigate the risk of a security incident.”
And with the rise of the IoT in the workplace, secure data management practices need to be adopted. Due to the rush to produce and an overwhelming lack of standards for sharing and protecting data, complete data erasure on connected devices is extremely difficult. At best, the information stored on these devices can be used to feed into a database and make it easier for hackers to crack passwords. At worst, your business could leak customer data into the hands of cyber-criminals. Therefore, it’s always better to err on the side of caution when it comes to data security.
While the theft of sensitive data isn’t necessarily something that can be completely eradicated overnight – computer criminals’ methods are becoming just as sophisticated as those of the very best security companies – human error is a factor which can be more easily overcome, provided that staff are given the appropriate level of training for dealing with data safely and securely.