Negligent insiders contribute to costly data breaches

Canada has experienced its share of high profile data breaches in the past year, with much of the attention focused on storage devices gone missing from government departments. While protection against hacking attacks and malware planted by cyber criminals dominates many security concerns, it is actually mistakes made by people and systems that cause the majority of data breaches.

According to Symantec’s 2013 Cost of a Data Breach study, negligence and system glitches together accounted for 64 per cent of data breaches last year. These can include employees mishandling information, violations of industry and government regulations, inadvertent data dumps, stolen laptops, and wrongful access.


Insiders greatly contribute to data breaches. In fact, in the eight years since Symantec started tracking data breach costs with the Ponemon Institute, the insider threat leading to data breach has increased 22 per cent. What’s even more concerning is these trusted insiders likely don’t know they’re doing something wrong. In related research, Symantec found that 62 per cent of employees think it is acceptable to transfer corporate data outside the company on personal devices and cloud services. And the majority never deletes the data, leaving it vulnerable to data leaks.

These breaches caused by human error are significant. Globally, the average cost per lost record was of $117, meaning the mistakes made by trusted employees are costing enterprises a lot of money. While the cost of a data breach can vary widely because of the types of threats and data protection laws, the financial consequences are serious worldwide.

But this year’s report is not all bad news — in the United States for example, the total cost per data breach was down slightly at $5.4 million.

This suggests that organizations there have made improvements in how they plan for and respond to data breach incidents. Certain factors can help organizations reduce the cost of a data breach such as having a strong security posture and an incident response plan, and appointing a CISO.

“While Canadians weren’t included in the survey, the majority of the US organizations surveyed have a presence in Canada so the results for Canada are likely very similar,” said Larry Ponemon, Chairman and Founder, Ponemon Institute. “From previous Ponemon studies, we’ve seen that generally speaking, Canadians are better at protecting their information than Americans. They value privacy more.”

So what would a data breach cost your company? You can calculate an estimate of it yourself at

Symantec recommends the following best practices to prevent a data breach and reduce costs in the event of one:

  1. Educate employees and train them on how to handle confidential information.
  2. Use data loss prevention technology to find sensitive data and protect it from leaving your organization.
  3. Deploy encryption and strong authentication solutions.
  4. Prepare an incident response plan including proper steps for customer notification.

You can learn more about the Cost of a Data Breach here.

Sean Forkan
Sean Forkan
Sean Forkan is Country Manager for Symantec Canada, where he helps to secure and manage an information-driven world. Sean joins Symantec from Oracle Canada where as Area Vice President he was responsible for Commercial, Enterprise and Telco Hardware Sales in Canada. Prior to joining Oracle, Sean spent ten years at Cisco Systems where he worked in a variety of progressively more senior positions. Key to Sean’s success at Cisco was his ability to recruit, motivate and develop teams that could achieve and exceed performance targets.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Latest Blogs

ITB in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.