The average cost of a corporate data breach increased 15% in the last year to $3.5 million, according to the Ponemon Institute. The study, in conjunction with IBM, also found that the cost incurred for each lost or stolen record containing sensitive and confidential information increased more than 9% to a consolidated average of $145.
The Ponemon Institute’s ninth-annual “Cost of Data Breach Study: Global Analysis” report includes responses from 314 large companies spanning 10 countries. The most common cause of a data breach is a malicious insider or criminal attack.
The goal of this research is to not just help companies understand the types of data breaches that could impact their business, but also the potential costs and how best to allocate resources to the prevention, detection, and resolution of such an incident. Key findings included the following:
- The most costly breaches occurred in the U.S. and Germany at $201 and $195 per compromised record, respectively.
- The least expensive data breaches were in India and Brazil at $51 and $70, respectively. Root causes of data breaches differ among countries.
- Countries in the Arabian region and Germany had more data breaches caused by malicious or criminal attacks.
- India had the most data breaches caused by a system glitch or business process failure.
- Human error was most often the cause in the United Kingdom and Brazil.
- The appointment of a chief information security officer to lead the data breach incident response team reduced the cost of a breach by more than $6.
- The involvement of business continuity management reduced the cost of data breach by an average of almost $9 per record.
“Clearly, malicious insiders and criminal attacks are a growing concern for businesses, especially when we consider how persistent data has become in the age of cloud and mobility,” said Kris Lovejoy, general manager, IBM Security Services Division.
After all, a data breach can result in enormous damage to a business that goes way beyond the financials. At stake is customer loyalty and brand reputation.
Other threats are malicious code and sustained probes; most companies in the study estimate they will be dealing with an average of 17 malicious codes each month and 12 sustained probes each month.