The Ponemon Institute, in collaboration with IBM, has released its annual study on the costs of data breaches globally and here in the United States. The “2016 Cost of Data Breach Study: Global Analysis” was published last week, and it contains some important findings to take note of, most of which reveal the rising costs associated with a data breach.
Among the study’s findings:
- The average total cost of a data breach in the U.S. as reported from the 64 companies participating in the study increased 7.5% from $6.53 million to $7.01 million. (Source: Lexology, “Data Breach Costs Rise to $4 Million Globally, $7 Million in the U.S,” June 20, 2016)
- The average cost of a data breach globally (383 companies participating) is now $4 million (USD), up from $3.79 million reported just one year ago (up almost 30% since 2013) (Source: IBM Press Release, “IBM & Ponemon Institute Study: Data Breach Costs Rising, Now $4 million per Incident,” June 15, 2016).
- The number and sophistication of cybersecurity incidents also continue to grow, with “64 percent more security incidents reported in 2015 than in 2014.” (Source: Id.)
- Data breaches cost the most in the U.S. and Germany, and the least in Brazil and India: the average per capita cost of a data breach was $221 in the U.S. and $213 in Germany, compared to $100 in Brazil and $61 in India. (Source: “2016 Cost of Data Breach Study: Global Analysis,” by Ponemon, sponsored by IBM, June 2016)
- Not surprisingly, costs associated with a data breach are highest in the healthcare ($355 per capita), education ($246) and financial ($221) sectors. (Source: Id.)
- Most breaches were caused by malicious or criminal attacks (48% of all attacks reported, including malware, phishing, etc.); one in four incidents were caused by human error (negligent employees or contractors). (Source: Id.)
Although these statistics are sure to garner headlines, perhaps the most valuable findings from the report concern factors that can actually decrease the costs of a data breach. According to the study (page 14 of the Report), there are ten (10) actions that, when taken, are associated with lower data breach costs. They include:
- Maintaining an incident response team ($16 per capita)
- Extensive use of encryption ($13)
- Training employees ($9)
- Participating in sharing of threat information ($9)
- Having a company’s board involved ($6)
This latest Ponemon study confirms the continuing trend of rising costs associated with data breaches, both globally and in the United States. It offers some hope, however, as well. It is now increasingly clear that while data security incidents might well be an inevitable part of doing business, there are concrete actions that smart organizations can take – and some that they can avoid taking – which can lower risks and resulting costs associated with those incidents. Cyber-savvy organizations will train their employees, maintain an IR team and involve their boards as they consider, plan and prepare for cybersecurity incidents. These actions and others will propel these organizations forward and add to their competitive edge in the marketplace.