Peter A Clarke

A security research company, Symantec, has produced a report stating that  36 UK firms spanning 11 different industries had experienced data breaches during 2011 that resulted in them notifying the Information Commissioner and affected customers.  The report is found here.

The data breaches were caused on 36% of occasions by “a negligent employee or contractor” whilst “system glitches” were responsible for 33% of the instances. The glitches account for “a combination of both IT and business process failures,” the report said. Malicious or criminal attacks were the cause of the remaining 31% of cases.

Symantec said that the amount of information breached on average had fallen and that a higher percentage of customers were generally remaining loyal to organisations that had lost data.  Firms also experienced lower costs relating to lost business stemming from data breaches, the report said. Those costs – which account for factors such as losses to businesses’ reputations as well as diminished goodwill – “sharply decreased from £913,910 in 2010 to £779,414 in 2011”.

The study said breaches caused by malicious or criminal attacks were “the most costly”. “Accordingly, organisations need to focus on processes, policies and technologies that address threats from the malicious insider or hacker”.