What is the Average Cost of a Data Breach in 2016?
Data breaches are now considered a standard business cost, and one that keeps going up, according to the 2016 Cost of Data Breach Study by Ponemon and IBM.
The annual study, which was conducted with companies in a dozen countries including the U.S. and the U.K., showed that in just 2 years, the average cost of a data breach increased 29%.
In 2015, the average cost paid for each lost or stolen record was $158, up from $154 a year earlier. The average total cost of a data breach increased to $4 million from $3.79 million in 2014.
Here are the significant cost factors of a data breach that the study identified.
Records: A ‘compromised’ record identifies the person whose confidential information has been lost or stolen. All the participating organizations had experienced a data breach affecting between approximately 3,000 and slightly more than 101,500 records. The study estimated a 26% probability of a data breach involving 10,000 lost or stolen records within the next two years.
Lost Business: The biggest financial outcome of a data breach is loss of business. This is due to abnormal turnover of customers, increased customer acquisition activities, reputation losses, and reduced goodwill.
Timing: The time it takes to identify and contain a breach affects its cost. The research showed it took significantly longer to identify and contain malicious or criminal attacks (which caused 48% of breaches) than breaches caused by human error (25%) or system glitches (27%).
Customer Churn: Customer churn is the number of customers a company loses – and this often happens after a data breach. The study showed that loss of customers increased the cost of a data breach. Certain countries, including the U.S., had more difficulty retaining customers following a data breach. In general, the churn rate is highest in healthcare, financial and service organizations.
Compliance: Regulated industries have the most costly data breaches because of the fines associated with privacy laws. For example, non-compliance with the Health Insurance Portability and Accountability Act (HIPAA) or the Gramm-Leach-Bliley Act (in financial services) can result in fines in the millions of dollars.
What can organizations do to better safeguard confidential information and even reduce the cost of a data breach in 2016?
- Implement an incident response team (the study showed this can reduce the cost of a data breach by $16 per record).
- Use encryption for all sensitive data on hard drives (this reduced the cost of a data breach by $13 per record).
- Provide ongoing security training for mobile and in-office employees. Lost or stolen devices increased the cost of a data breach in the study.
- Participate in threat-sharing programs.
- Utilize business continuity management (BCM) to identify – and address – the risk of threats.
- Appoint a Chief Information Security Officer (CISO).
- Evaluate third parties and other partners for their information security practices.
- Use a comprehensive document management process so confidential information is protected from creation to disposal.
- For a fully protected workplace, partner with a document destruction expert that provides secure document destruction and hard drive destruction.
Secure workplace policies are key to protecting an organization’s confidential information.