For full functionality of this site it is necessary to enable JavaScript. Here are the instructions how to enable JavaScript in your web browser.

Close

Not a member yet? Register now and get started.

lock and key

Sign in to your account.

Account Login

What Data Breaches Now Cost And Why

New Ponemon report says the cost of a data breach has increased by 23% and healthcare and education breaches are the most pricey.
The actual cost of a data breach is all about industry sector and location, location, location. Healthcare and education sectors incur the highest breach costs of all industries, and Germany and the US cost victim organizations more than anywhere else in the world. Such incidents in Brazil and India cost the least, according to the new Ponemon Group 2015 Cost of a Data Breach Study: Global Analysis.

Meanwhile, the average total cost of a data breach worldwide jumped a whopping 23% in 2014 — to $3.8 million, and the average cost of a stolen record containing sensitive information increased from $145 to $154, an increase of more than 6%. Ponemon attributes those higher numbers in part to the volume of attacks, loss of business or customers, and the amount victim organizations are spending on incident response. The report also found that the cost of a data breach actually drops when a company’s board of directors plays a more prominent role in the wake of a breach or when a company purchases breach insurance. An involved board of directors knocks down the per capita cost of a breach by $5.50, and insurance, by $4.40.

An incident response team cuts the per capita cost by $12.60, while wide use of encryption decreases the cost by $12; training employees, by $8; and business continuity management, $7.10. On the flip side, the per capita cost of a breach goes up when a third-party organization is part of the breach equation (think Target’s HVAC supplier) — by some $16. Several other factors also contribute to higher cost of a breach, including lost or stolen devices ($9); a “rush” to notification of a breach ($8.90); and hiring consultants to assist in the response process ($4.50).

Canada and Germany are the least likely countries for companies to suffer breaches, while Brazil and France are the most targeted nations of breaches with at least 10,000 data records stolen, according to data gathered for the report from 350 companies around the world. Industry-wise, a stolen healthcare record costs an organization some $363 per record and a stolen education sector record, up to $300 record. For retail, it’s $165 per record–up from $105 in 2014 mainly due to the rash of breaches in that industry. Transportation ($121) and the public sector ($68) incur the lowest cost per stolen record.

In the US, the cost per stolen record is $217 and in Germany, $211. The total cost of a data breach is an average of $6.5 million in the US and $4.9 million in Germany. Brazil and India were on the other end of the spectrum, with the average cost per record at $78 in Brazil and $56 in India. The average cost of a breach to an organization in Brazil was $1.8 million and in India, $1.5 million. Why the much lower numbers in Brazil and India? “A lot of the costs are indirectly or directly related to labor costs: in India and Brazil, there are lower costs for labor, such as assembling a forensic team” as well as associated economic factors, says Larry Ponemon.

Meanwhile, the report says there are three main drivers for the continued rise in the cost of a breach: the number of attacks continue to increase, with the associated costs to clean up; the financial fallout of lost customers is adding to the breach cost; and victim organizations are spending more on forensic investigations, assessments, and incident response team management. Cybercrime and malicious insider attacks are the most costly, the report found, at a price of $170 per stolen record versus $142 for system glitches and $137 for human error. It takes an average of 256 days to spot a data breach caused by a malicious attack, and 158 days to catch one caused by human error, the report found.