Ride the Lightning

Ponemon Institute: Average Cost of a Data Breach Exceeds $3.8 Million

July 19, 2018

The 2018 Cost of a Data Breach Study is available for download from IBM here. The study was done by the Ponemon Institute and IBM. This year's study reports that the global average cost of a data breach is up 6.4% over the previous year to $3.86 million. The average cost for each lost or stolen record containing sensitive and confidential information also increased by 4.8% over the previous year to $148.

IBM Security and Ponemon conducted interviews with nearly 500 companies that experienced data breaches, and they collected information on hundreds of cost factors surrounding a breach, including technical investigations and recovery, notifications, legal and regulatory requirements, cost of lost business, and loss of reputation.

As reported by VentureBeat, the study found that hidden costs in data breaches — such as lost business, negative impact on reputation and employee time spent on recovery — are difficult and expensive to manage. For example, the study found that a third of the cost of "mega breaches" (over 1 million lost records) were derived from lost business. And that is course why the C-Suite has nightmares about data breaches. The reputational damages can be extraordinary.

In the past five years, the amount of mega breaches (breaches of more than 1 million records) has increased from nine mega breaches in 2013 to 16 mega breaches in 2017. Due to the small amount of mega breaches in the past, the Cost of a Data Breach study historically analyzed data breaches of around 2,500 to 100,000 lost records.

The vast majority of the mega-breaches (10 out of 11) were caused by malicious attacks rather than technical failures or human error. The average time to detect and contain a mega breach was 365 days – almost 100 days longer than a smaller scale breach (266 days).

For the 8th year in a row, healthcare organizations had the highest costs associated with data breaches — costing them $408 per lost or stolen record — nearly 3 times higher than the cross-industry average ($148).

The wisdom of the study's lessons is encapsulated in the following quote:

"The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach" said Larry Ponemon, chairman and founder of Ponemon Institute, in a statement. "While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs."

Want to minimize the cost of a breach? Listen to Larry.

E-mail: Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology
https://www.senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson