The Ponemon Institute recently published its 2016 Cost of Data Breach Study: Global Analysis, delving into the average costs of a breach by region, industry, and reason for being breached.
According to the study, the average cost of a data breach incident is now $4 million, nearly 29% higher than in 2013. The report lists several reasons behind the cost increase, with the lack of corporate planning topping the list. Not far behind were the general increase in the number and size of attacks, which is up 64% from just last year, and the targeting of industries with weaker defenses in place.
In terms of the average size of a data breach, India (31,225 records) and the Arabian Region (30,179 records) lead the way, with the United States not far behind, averaging 29,611 compromised records per data breach.
When comparing the cost-per-record by industry, health care led the way followed by education, financial, and services with respective costs per record averaging at $355, $246, $221, and $208.
The underlying cause of each data breach is almost evenly split 50/50 between malicious attacks and human error & system glitches.
The report notes that the best way to mitigate the damage caused by a data breach is to have an incident response team in place, prepared to react when an attack hits. With this team in place, the cost-per-record average goes down $16 to $158, saving companies $400,000 on average. $158 is the average cost per record worldwide, but the U.S. average is the highest in the world, at around $221 per record for 2016.
Other viable cost reduction options include the use of encryption, $13 per record; employee training, $49 per record; and having a CISO in place, $9 per record.
Some actions that corporations take also increase the per-record cost associated with a data breach. Third-party involvement is at the top of the list, boosting the average cost by $14 per record because of the complexity and length of time it takes to respond to and resolve data breach issues.
Understandably, when it comes to third-party providers, there’s really not much organizations can do to cut these vendors out of their business model, but what they can at least do is put strict guidelines in place for how their vendors protect the sensitive data that’s shared with them.
If this report has taught us anything, it’s that organizations need to reposition their defenses and implement best-in-class breach prevention and detection solutions to ward off cybercriminals and protect the sensitive credentials of consumers. Having solutions in an organization's IT environment that can detect the presence of malware and ensure that hardening measures and user access controls are being enforced will help better protect our sensitive data.
With solutions like Breach Detection, your organization will be able to monitor any activity within sensitive files and be alerted if and when a breach occurs.
Each time access is provided to this sensitive data, the potential for loss of privacy and integrity increases. With that being said, organizations need to embrace a robust breach detection solution to avoid being the next victim of a large-scale attack.