First Reference company logo

Inside Internal Controls

News and discussion on implementing risk management

machine cogs image

Employee error causes most breaches; spyware breaches are most costly

The two most common sources of breaches are unintended disclosure—like misdirected emails and faxes, which account for 31 percent—and the physical loss of paper records, accounting for 24 percent. That’s according to a new analysis of more than 1,500 data breaches in 2013 and 2014.

The findings were released by Beazley Breach Response Services yesterday at the IAPP Privacy Academy and Cloud Security Alliance Congress in San Jose, CA.

The analysis found that of those unintended disclosures, the loss of paper records is especially prevalent among healthcare organizations.

Breaches due to malware or spyware, meanwhile, represented only 11 percent of the overall total, but they are on the rise. The total number of breaches in that category grew by 20 percent between 2013 and 2014 and, due to heavy forensics costs, are an average of 4.5 times more costly than the unintended disclosure breaches.

With more information being stored electronically and in the cloud, the risk of data breaches is growing,” said Katherine Keefe, head of Beazley Breach Response Services. “Consumers expect their privacy will be protected, and a data breach can have serious reputational and financial impact.”

An Economist Intelligence Unit study conducted among consumers in 24 countries in March of 2013 found that 18 percent of respondents had been victims of a data breach, and of those, 38 percent said they terminated business with the organization because of the breach.

Written by Angelique Carson, CIPP/US
Originally published on The Privacy Advisor by the International Association of Privacy Professionals (IAPP)

Occasional Contributors

In addition to our regular guest bloggers, Inside Internal Controls blog published by First Reference, provides occasional guest post opportunities from various subject matter experts on the topics of risk management and best practices in finance and accounting, information technology, environmental issues, corporate governance, sales/marketing and operations, not-for-profits and business related issues in Canada. If you are a subject matter expert and would like to become an occasional blogger, please contact Yosie Saint-Cyr at If you liked this post and would like to subscribe to Inside Internal Controls blog click here.

, , , , , , , ,

Comments are currently closed.