3/9/2007
02:52 PM

Human Error More Dangerous Than Hackers

A survey also shows that 68% of organizations experience six losses of sensitive data every year, and 20% suffer from 22 or more.

When it comes to the loss of sensitive data, hackers are much less of a problem than a company's own employees.

That's according to a study released by the IT Policy Compliance Group. The survey also shows that 68% of organizations experience six losses of sensitive data every year, while another 20% suffer from 22 or more sensitive data losses annually.

Who's responsible? Company employees making mistakes account for 75% of all data losses, according to the report. Malicious activity, such as Internet-based threats, attacks, and hacks, only accounts for 20%.

"Preventative measures, such as built-in IT controls, are vital to ensuring that businesses protect the data they collect," said Heriot Prentice, director of technology practices at The Institute of Internal Auditors, in a written statement. "It shouldn't be an afterthought, but rather considered up-front in the design of hardware and software redundancy to ensure the information is kept secure and supported throughout the data life cycle. It's that simple. If you collect it, then protect it."

The study also shows that companies and agencies that report data breaches on average experience an 8% loss of revenue and a similar loss of customers who are worried about personal data. Added to the losses is the cost associated with notifying customers whose data has been lost, along with restoring the data. That, according to the report, adds up to $100 per lost or stolen customer record.

"While some of the results here may give cause for alarm, there's also the strong suggestion that some organizations have managed to provide responsible oversight of their data," said Robert Richardson, director of the Computer Security Institute, in a written statement. "These are organizations we want to applaud and to emulate."

According to survey responses from organizations with the fewest losses of sensitive data, they are spending more time monitoring policy compliance and are employing multiple IT controls to reduce the loss of data. Best-in-class organizations are monitoring and measuring controls and procedures to protect sensitive data once a week, while most firms are conducting such measurements only about once every 176 days.

The report also offers suggestions to improve data protection:

  • Take the time to identify the most sensitive business data
  • Train employees and implement technology to mitigate user errors, policy violations, and Internet attacks
  • Monitor controls and procedures to ensure compliance
  • Increase the frequency of audits and measurements

The IT Policy Compliance Group runs a Web site to help companies meet policy and regulatory compliance goals. It's backed by members such as the Institute of Internal Auditors, the Computer Security Institute, and Symantec.
