CNET también está disponible en español.

Ir a español

Don't show this again


Study: Negligence cause of most data breaches

Negligence is to blame for most breaches, but criminal or malicious attacks are fastest-growing category and most expensive to deal with, says Ponemon Institute.

Breach costs and ranking by type of breach, 2009 and 2010.
Breach costs and ranking by type of breach, 2009 and 2010. Ponemon/Symantec

Negligence is the biggest cause of data breaches at corporations, but criminal attacks are growing fastest, a study released today concludes.

The average cost of a data breach for a victimized organization increased to $7.2 million, and the average cost per record came to $214, up $10 from the previous year, according to the 2010 Annual Study: U.S. Cost of a Data Breach, which was conducted by the Ponemon Institute and based on data supplied by 51 U.S. companies across 15 different industry sectors.

The costs associated with a breach involve detecting the incident, investigation, forensics, customer notification, paying for identity-protection services for victims, business disruption, and productivity losses, said Larry Ponemon, chairman and founder of the Ponemon Institute. A record can contain only one piece of information on an individual or multiple pieces of data, including social security number, contact information, driver's license number, purchasing habits, and account number, he said.

Malicious or criminal attacks are the most expensive and make up the fastest-growing category, with 31 percent of all breaches involving malice or crime. Negligence was the most common threat, with 41 percent of all breaches, according to the study, which was sponsored by Symantec.

The most expensive breach reported in the study was $35.3 million, and the least expensive was $780,000.

The companies have devised an online Data Breach Calculator for helping estimate how likely a breach is and how much a breach would cost based on an organization's size, industry, location, and security practices.