According to a new study by the Ponemon Institute, 55 percent of small businesses surveyed had experienced data breaches. Many of those incidents were caused by mistakes or intentional actions on the part of employees and contractors.
Nathan Eddy with eWeek reported, "A Ponemon Institute survey of small businesses throughout the United States found that 55 percent of those responding have had a data breach, almost all involving electronic records, and 53 percent had multiple breaches, suggesting the nation’s small to medium-size businesses (SMBs) are at serious risk of a data breach. The primary causes of the data breaches were employee or contractor mistakes, such as lost or stolen laptops, smartphones and storage media, as well as procedural mistakes."
Dark Reading published the Ponemon press release, which said, "On average, organizations experience approximately one fraud event per week, according to information from the second annual Attachmate Corporation and Ponemon Institute survey, 'The Risk of Insider Fraud,' released at RSA Conference 2013. However, only 44% of respondents say their organization views insider fraud prevention as a top security priority, a perception which has declined since 2011. This misconception can prove costly: The average cost of a data breach in a 2011 study was $194 per lost or stolen record."
ZDNet's Joe McKendrick noted, "Part of the reason why security breaches are so costly is that it takes an average of 87 days to first recognize that insider fraud has occurred, and more than three months (105 days) to get at the root cause of the fraud, the study found. On average, organizations have had approximately 55 employee-related incidents of fraud in the past 12 months. This is about the same as in last year's survey (53 incidents each year)."
Bloomberg BusinessWeek's Patrick Clark observed, "What caught me off guard? Only 33 percent of the compromised companies in the survey said they had informed data-breach victims of their losses. That is, many of the survey respondents that lost track of customers’ or employees’ personal data didn’t bother to alert the victims. Laws in 46 states (PDF) require that data breach victims be notified of the loss of personal info."