Ponemon Institute reports that the average consolidated total cost of a data breach is $3.8 million --representing a 23 percent increase since 2013.
The study also found that the average cost incurred for each lost or stolen record containing sensitive and confidential information increased six percent from a consolidated average of $145 to $154. Healthcare emerged as the industry with the highest cost per stolen record, with the average cost for organizations reaching as high as $363.
The key takeaways from the report are:
* Board level involvement and the purchase of insurance can reduce the cost of a data breach. Board involvement reduces the cost by $5.50 per record. Insurance protection reduces the cost by $4.40 per record.
* Business continuity management plays an important role in reducing the cost of data breach. The research reveals that having business continuity management involved in the remediation of the breach can reduce the cost by an average of $7.10 per compromised record.
* The most costly breaches continue to occur in the U.S. and Germany at $217 and $211 per compromised record, respectively. India and Brazil still have the least expensive breaches at $56 and $78, respectively.
* The cost of data breach varies by industry. The average global cost of data breach per lost or stolen record is $154. However, if a healthcare organization has a breach, the average cost could be as high as $363, and in education the average cost could be as high as $300. The lowest cost per lost or stolen record is in transportation ($121) and public sector ($68).
* Hackers and criminal insiders cause the most data breaches. Forty-seven percent of all breaches in this year's study were caused by malicious or criminal attacks. The average cost per record to resolve such an attack is $170. In contrast, system glitches cost $142 per record and human error or negligence is $137 per record. The US and Germany spend the most to resolve a malicious or criminal attack ($230 and $224 per record, respectively).
* Notification costs remain low, but costs associated with lost business steadily increase. Lost business costs are abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished good will. The average cost has increased from $1.23 million in 2013 to $1.57 million in 2015. Notification costs decreased from $190,000 to $170,000 since last year.
* Time to identify and contain a data breach affects the cost. Malicious attacks can take an average of 256 days to identify while data breaches caused by human error take an average of 158 days to identify.
Add new comment