Breaches Cost More, Hard to ID

Wednesday, May 27, 2015 @ 01:05 PM gHale


The average consolidated total cost of a data breach is $3.8 million up from $3.5 million the previous year, which is a 23 percent increase in total cost of a data breach since 2013, a new study reported.

In addition, malicious attacks can take an average of 256 days to identify while data breaches caused by human error take an average of 158 days to identify, according to a Ponemon Institute study of 350 companies spanning 11 countries sponsored by IBM.

RELATED STORIES
Complexity Halts Security: Report
Cyber Insurance Debate Heating Up
Breach: Subsea Cable Operator’s IT Network
Oil Industry Under Attack

On top of that, the average cost incurred for each lost or stolen record containing sensitive and confidential information increased six percent from a consolidated average of $145 to $154, the study found.

Three major reasons the report found contributed to the higher cost of data breach in 2015:
• Cyber attacks have increased in frequency and in the cost to remediate the consequences. The cost of data breaches due to malicious or criminal attacks increased from an average of $159 in last year’s study to $170 per record. Last year, these attacks represented 42 percent of root causes of a data breach and this increased to 47 percent of root causes in this year’s study.
• The consequences of lost business are having a greater impact on the cost of data breach. Lost business has potentially the most severe financial consequences for an organization. The cost increased from a total average cost of $1.33 million last year to $1.57 million in 2015. This cost component includes the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill. The growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach has contributed to the increase in lost business.
• Data breach costs associated with detection and escalation increased. These costs typically include forensic and investigative activities, assessment and audit services, crisis team management and communications to executive management and board of directors. This total average cost increased from $.76 million last year to $.99 million in this year’s report.

More companies are integrating forensic tools into their incident response procedures. In the long-term, deployment of these solutions will prove beneficial to companies because they will provide a clearer picture of the root causes of their data breaches. However, in many cases, these tools enable companies to discover the full extent of the breach.

This may result in the reporting of higher data breach costs than in previous years

Inundated with attacks of late, the healthcare industry had the highest cost per stolen record with the average cost for organizations reaching as high as $363. Additionally, retailers have seen their average cost per stolen record jump from $105 last year to $165 in this year’s study.

This year’s report found 47 percent of all breaches ended up caused by malicious or criminal attacks. The average cost per record to resolve such an attack is $170. In contrast, system glitches cost $142 per record and human error or negligence is $137 per record. The U.S. and Germany spend the most to resolve a malicious or criminal attack ($230 and $224 per record, respectively).

The average global cost of data breach per lost or stolen record is $154. However, if a healthcare organization has a breach, the average cost could be as high as $363, and in education the average cost could be as high as $300. The lowest cost per lost or stolen record is in transportation ($121) and public sector ($68).

Board level involvement and the purchase of insurance can reduce the cost of a data breach. Positive consequences can occur when boards of directors take a more active role when an organization had a data breach. Board involvement reduces the cost by $5.50 per record. Insurance protection reduces the cost by $4.40 per record.

Click here to download the report.



Leave a Reply

You must be logged in to post a comment.