Understanding the costs your organization can face when it comes to data breach can help you realize how breaches impact your bottom line, as well as why information security is essential if you’re going to keep those costs down. A recent study by the Ponemon Institute not only helps you to get a clear idea of the numbers, but also shows how important response time is to keep those costs at a minimum.
First the good news. Ponemon Institute’s 2017 Cost of Data Breach report revealed that the average cost of a data breach in 2016 was around $3.62 million and that breach costs are decreasing year-on-year by 10%. The study also found that the average cost per lost record has dropped from $158 to $141.
The bad news is that organizations have experienced larger data breaches than the year before. The average size of breach has increased by 1.8%, with the likelihood of a recurring breach rising by 2.1%. So even though costs have gone down, organizations need to prepare for breach if they’re going to keep up with their risks.
Additional findings from the study worth noting are that the data breaches organizations have experienced had anywhere from 2,600 to just under 100,000 records compromised (with Ponemon defining a compromised record as “one that identifies the natural person whose information has been lost or stolen in a data breach.”). Also, a breach incident with less than 10,000 records compromised can cost up to $1.9 million; but once that number of compromised records goes above 50,000, then companies could be looking at having to spend more than $6.3 million.
The study also found that breaches were initiated by hackers and criminal insiders with 47% of all data breaches attributed to malicious or criminal intent. When looking at costs to resolve different types of attack: a lost record costs about $156, a system glitch costs $128 per record, and human error costs $126 per record.
The United States held the most expensive data breaches with the average cost per capita of a data breach being $225 and the total costs to an organization being $7.35 million. Furthermore, 52% of all recorded breaches in the US were due to hackers or criminal insiders and US companies spent the most to resolve a malicious or criminal attack, paying $244 per record.
The one thing that made the biggest difference in keeping costs down was response time. The faster a breach is contained the less it costs organizations. The mean time to identify a breach according to Ponemon’s study was 191 days with the mean time to contain that breach calculated at 66 days. The companies surveyed in the report identified a data breach within 24 to 546 days, with a range to contain breach at 10 to 164 days. The study also found that malicious or criminal attacks were the highest to identify (214 days) and contain (77 days).
With all of this data, it is now up to you to understand where you stand in how you want to prepare for breach. If you’re not sure of how quickly you could respond to and contain a breach, give us a call.
It’s our job to help organizations such as yours to stay in business and we’ve created a cybersecurity service that helps small and mid-sized businesses to secure their enterprise fully, as well as ensure the best response time so that damage and costs are brought to a minimum.
Find out more about our MyCSO services if you’re ready to take the next step in your cybersecurity posture.
Photo courtesy of Nata-Lia