The “Cost of Data Breach Study” (sponsored by IBM), was recently conducted and published by Ponemon Institute. Close to 300 organizations from eleven countries participated in this year’s study. There are some important findings for Security Professionals.
Data breaches are becoming increasingly common around the world. It seems like we hear of a major breach every other week and who knows how many we don’t hear about. A major data breach can cost large companies millions of dollars in lost records and then the research into what happened, why it happened, and what to do prevent future attacks. But the highest cost of all is that of a loosing a customer forever.
The study asked some key questions of organizations participating in the study, including
- What is the cost of a data breach?
- What are the main causes of a data breach?
- What types of attacks result in the highest data breach costs?
- What is being done to reduce the cost of a potential breach?
- Which threats pose the greatest concern?
- How effective are the current methods being used to avoid breaches?
With up to nine years of data to work with, this annual Cost of Data Breach Study conducted by Ponemon offers detailed trending information on the cost of a data breach. The cost measurement includes direct, indirect and opportunity costs associated with an organization’s response to the theft or loss of personal information.
Some overall important findings include:
- Most countries saw an uptick in both in the cost per stolen or lost record and in the average total cost of a breach.
- The average cost of data breach has increased 15% to $3.5m
- The cost of each stolen sensitive and confidential data occurrence has increased 9% to $145
- Fewer customers remain loyal after a breach, particularly in the financial services industry.
- For many countries, malicious or criminal attacks are the most frequent root cause of the data breaches.
- Having business continuity management involved in the remediation of a breach can help reduce the cost.
Some country-specific findings include:
- US and Germany respondents reported the most costliest breaches with each costing $201 and $195 respectively. India and Brazil reported the lowest, with each costing $51 and $70, respectively.
- Countries which are most likely to face data breach include India, Brazil and France
- Data loss cost companies most customers in France and Italy while least number of customers were lost by companies in Brazil and Arabian region.
- The main cause of data breach differs from country to country
- Malicious or criminal attack was the highest cause in Germany and Arabian countries
- System glitch is main cause of breach in India
- Human error is the main cause of breach in the UK and Brazil.
- Malicious attacks were the costliest type attack with the US and Germany with organisations paying maximum of $246 and $215 per compromised record while least amount paid in India and Brazil, where companies paid $60 and $77 per compromised record, respectively.
- As a preventive measure, companies should have a crisis management and data breach response plan in place. The research shows that having an efficient and swift response to the breach and containment of the damage reduces the cost of breach significantly.
To download the complete report please use the following link: www.ibm.com/services/costofbreach