
Human Errors Cause Data Breaches, Too

January 30, 2012

Although much coverage of data breaches focuses on attempts to breach the technology tools most companies use, a new survey draws attention to another element: breaches caused by human error. The study concludes that consumer and customer information collected by organizations is at great risk due to employee negligence, insider maliciousness, and system glitches, as well as attacks by cyber criminals.

Aftermath of a Data Breach, sponsored by Experian, conducted by Ponemon Institute, and published in January 2012, surveyed 584 IT practitioners who had reported that their organization had experienced at least one data breach in the previous 24 months. It draws attention to some interesting statistics:

  • Human causes of data breaches include negligent insiders (34%), outsourcing to a third party (19%), malicious insiders (16%), failure to shred confidential documents (6%), and data lost in physical delivery (5%).
  • System causes of data breaches include system glitches (11%) and cyber attacks (7%).
  • In 60% of reported incidents, customer data was not encrypted.

The authors also drew attention to an earlier Ponemon study (Reputation Impact of a Data Breach, published in November 2011), which reported that it can take a year after a data breach incident for an organization to restore its reputation. That study also reported that the average loss in the value of an organization’s brand over that year was $332 million.

The negative consequences of a data breach are striking:

  • Loss of productivity (50%)
  • Loss of customer loyalty (41%)
  • Legal action (34%)
  • Unfavorable media coverage (30%)
  • Customer turnover (28%)
  • Decline in company’s share price (25%)

Even after experiencing a data breach, the IT practitioner participants acknowledged that they feel their organizations are still vulnerable to another breach due to:

  • Negligent employees, temporary employees, or contractors (66%)
  • Negligent third parties, such as vendors and outsourcers (53%)
  • Missing equipment, including portable devices (45%)
  • Social media (25%)
  • Missing backup media (23%)

As noted by Aftermath of a Data Breach, human risk factors are easier to mitigate than those due to outside attacks. In establishing data breach procedures and considering cyber insurance, companies should not overlook the “low tech” solutions that can have a real impact on preventing data loss. Risks can be mitigated through fairly simple solutions such as developing and implementing policies and procedures, training employees and raising their awareness, negotiating tighter contractual protections and service level agreements with vendors, and encrypting mobile devices.

Diane Carlisle


© 2009, ARMA International