It's common knowledge that data breaches are growing in intensity and sophistication. Scarcely a week passes without the news of some high-profile attack or another flooding the headlines. What makes the situation worse is the fact that the cost of breaches continues to rise.
According to Lutz Blaeser, MD of Intact Software Distribution, a recent Ponemon report, “The 2016 Cost of Data Breach Study: Global Analysis Benchmark”, revealed that the average total cost of a data breach for the 383 companies in 12 countries participating in the research increased to $4-million from $3,79-million in 2015.
In addition, the research showed that the average cost paid for each lost or stolen record containing sensitive and confidential information rose from $154 last year to $158 this year. “Over and above the cost, the study examines the likelihood of a company having one or more data breach incidents over the next 24 months. The researchers estimate a 26% probability of a material data breach involving 10 000 lost or stolen records.”
Blaeser adds that this year’s research also indicated that companies in Brazil and South Africa are most likely to experience a material data breach that involves this number of records, whereas businesses in Germany and Australia are least likely to experience a breach of this nature.
“All organisations that took part experienced a data breach ranging from around 3 000 to a little over 101 500 compromised records. The Ponemon Institute describes a compromised record as one that identifies the person whose data has been lost or stolen in the course of a data breach.”
Moreover, he says Ponemon revealed that data breaches cost US and German companies the most, and Brazilian and Indian companies the least, with per capita costs of breaches in these countries at $221, $213, $100 and $61 respectively.
“Naturally, the more records compromised, the greater the cost of the breach. This year’s research showed that the cost ranged from $2,1-million for a loss of less than 10 000 records to $6,7-million for over 50 000 compromised records.”
He adds that the report showed that the majority of data breaches are caused by hackers and malicious insiders. “Around half of all breaches looked at in this year’s research were caused by malicious or criminal attacks, and the average cost per record to resolve these attacks was $170.”
On the other hand, system glitches cost around $138 per record and human error or negligence $133 per record. Companies based in Canada and the US spent the most to resolve malicious or criminal attacks, forking out $236 and $230 per record respectively.
In terms of factors that lowered the cost of a breach, the report cited the existence of incident response teams and the extensive use of encryption as being most effective, says Blaeser. “An incident response team lowered the cost of breach by $16 per record, from $158 to $142.”
Over the many years that Ponemon has been examining the data breach experiences of thousands of companies, several trends have emerged. Firstly, data breaches have become a consistent cost of doing business in the cybercrime era. Next, the most significant financial consequence to businesses that experienced a data breach is lost business.
Blaeser says companies also acknowledge that the longer it takes to detect and contain a data breach, the more expensive it becomes to resolve. “Breaches that happen to highly regulated industries such as health care and financial services cost the most, due to the fines imposed as well as the higher-than-average rate of lost business and customers.”
The research also revealed that bettering data governance initiatives will lower the cost of a data breach. “In addition, investments in data loss prevention controls and activities such as encryption and endpoint security solutions are crucial for preventing data breaches.”