Cost of Data Breach Increases Again: Proven Ways to Decrease It
Considering that lost or stolen confidential records cost an average of $154 each and that U.S. organizations typically lose over 28,000 records in a year, it’s easy to see that the cost of data breaches is enormous – and data breach prevention is more important than ever.
According to the 2015 Cost of Data Breach Study: Global Analysis, the average cost of a data breach increased again from $3.52 million in 2014 to $3.79 million in 2015. The study reported a 23% increase in the total cost of data breach since 2013.
Fifteen hundred IT, compliance and information security practitioners from 350 companies in the U.S., United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region, and Canada participated in the Ponemon Institute study. The study was sponsored by IBM and is available as a global report as well as country-specific reports.
Along with highly publicized mega breaches last year, “thousands of other breaches took place around the world, resulting in the theft of over 1 billion records of personal identifiable information (PII),” said Larry Ponemon at securityintelligence.com.
In a news release, he gave three reasons why mega and small business data breach incidents keep climbing. First, cyber attacks are increasing in both frequency and resolution costs. Second, it costs more when business reputation takes a hit and companies lose customers. Third, companies are incurring higher costs in forensic and investigative activities, assessments, and crisis team management.
The Cost of Data Breach Study also identified factors that helped decrease the cost of a data breach.
The study showed that having the board of directors involved in a data breach response, as well as having a Chief Information Security Officer on staff, each reduced the cost of a data breach by about $5.50 per record. An incident response team reduced the cost by $12.6. Security awareness training was also essential – human error issues or negligence accounted for one-quarter of all breaches in the study. When employees received regular training, the cost reduced by $8 per record.
Business continuity management reduced the cost of a breach by over $7 per compromised record. Also, heavily regulated industries (healthcare, education, pharmaceuticals and financial) should be particularly vigilant about information security because their global cost of data breach per lost or stolen record was much higher than the average.
While endpoint and other IT protection are critical in every workplace, the study identified encryption specifically – it reduced the cost of a data breach by $12 per record. Cyber security was especially important because cyber attacks accounted for almost half of all root causes.
A mobile device policy is important because lost or stolen devices increased the cost of a data breach by almost $10. Also, since third-party involvement increased the cost of a data breach by $16, companies are encouraged to screen third-party providers on information security procedures.
A comprehensive document management policy that protects confidential information from creation to disposal can also help eliminate the risk of a data breach. Partner with a trusted document destruction company that provides a secure chain of custody on shredding services for paper documents and hard drive and e-media destruction.