Symantec Corp. (Nasdaq: SYMC) and the Ponemon Institute today released the 2013 Cost of Data Breach Study: Global Analysis which reveals human errors and system problems caused the vast majority of data breaches in 2012.
2. Ponemon Institute and Symantec Research
• Eighth year Ponemon has conducted this benchmark study
• Examines the following topics:
– Average costs from a breach (direct and indirect)
– Potential legal costs
– Costs of lost customers and brand damage
– Key trends
– Preventive measures taken after a breach
• Results are not based upon hypothetical responses
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 2
3. Methodology
3
16 industry sectors
277 organizations in nine countries
actual data breach experiences
0 catastrophic data breaches
incidents >100,000 compromised
records not included
1,400
individuals interviewed
responsible for IT, compliance, infosec
with knowledge of data breach costs
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013
4. Globally data breaches cost more per record
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 4
42
58
124 125 132 133
168
188
199
42
102
132 124
145
159
194 191
0
50
100
150
200
250
IN BZ IT JP UK AU FR US DE
Average per capita cost of data breach over two years
Measured in US$
FY 2012 FY 2011
per compromised record
in 2012
per compromised record
in 2011
5. Mistakes cause 2/3 of data breaches
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 5
Negligence
/ Human
Factor
35%
System
Glitches
29%
Malicious
Attacks
37%
Major Causes of Data Breach
Global
42
29
36 37 33 31 35 33 36
35
46 32 29
26 27 23 24 16
23 25
32 34
41 42 42 43 48
BZ IN IT UK US FR JP AU DE
Percent
Major Causes of Data Breach
by Country
Negligence System Glitch Malicious Attack
6. Insider threats constantly challenge organizations
0
10
20
30
40
50
2009 2010 2011 2012
Percent
Main Causes of Data
Breach (U.S.) Over Time
Negligence
System Glitch
Malicious Attack
0
50
100
150
200
250
300
350
2009 2010 2011 2012
Costperrecord
Cost of Data Breach (U.S.)
by Cause Over Time
Negligence
System Glitch
Malicious Attack
62013 Annual Study: Global Cost of a Data Breach - June 5, 2013
7. Malicious attacks are most costly everywhere
42
54
113
105
117
129
152
182
159
40
55
117
116
122
135
155
187
174
46
71
140
155
157
164
187
214
277
0 100 200 300 400 500 600 700
IN
BZ
JP
IT
UK
AU
FR
DE
US
Negligence System Glitch Malicious Attack
Data breaches due to malicious or criminal attacks average $157 per record globally
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 7
8. Some countries more vulnerable to customer churn
• Lost business costs steady at $3.03
million in 2012 (from $3.01 million
in 2011)
• 13% decrease in customer churn
• Taking steps to keep customers
loyal and repair damage to
reputation and brand can help
reduce the cost of a data breach
2.4
2.72.8
3 3.1
3.83.8
4
4.4
0.0
0.5
1.0
1.5
2.0
2.5
3.0
3.5
4.0
4.5
5.0
BZ IN US JP UK DE IT AU FR
Percent
Abnormal Churn Rate
By Country
Abnormal Churn Rate
United States:
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 8
9. Third party error (+$19)
Lost or stolen devices
(+$8)
Quick notification (+$7)
Strong security posture
(-$15)
Incident response plan
(-$13)
CISO appointment (-$8)
Consultants engaged (-
$5)
Costgoesupwhen…
Costgoesdownwhen…
Seven factors that raise / reduce cost of a data breach
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 9
10. Best Practices to Avoid Major Causes of Data Breach
• Educate employees and train them on how to handle
confidential information.
• Use data loss prevention technology to find sensitive data and
protect it from leaving your organization.
• Deploy encryption and strong authentication solutions.
• Prepare an incident response plan including proper steps for
customer notification.
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 10
11. Data Breach Risk Calculator
• Enables organizations to
estimate how a data breach
could impact their company
• Uses eight years of trend
data from this study
• It can calculate:
– The likelihood that the
company will experience a
data breach in the next 12
months
– The cost per record in the
event of a data breach at the
company
– The overall cost of a data
breach at the company
• www.databreachcalculator.com
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 11
12. In Summary
• Key Findings:
– Globally the average cost of a data breach continues to climb
– Mistakes (negligence and system glitches) still cause most data breaches
– Malicious attacks are the most costly data breach incidents in all nine
countries
– Customer churn varies by country
– Specific attributes increase the cost of a data breach
– Certain factors reduce the cost of a data breach
• Data breaches continue to have serious financial consequences
for organizations worldwide
• Organizations are becoming better at managing the costs to
respond to and resolve data breach incidents
2013 Annual Study: Global Cost of a Data Breach - June 5, 2013 12