Ponemon puts a $4 million price tag on mitigating data breaches

The best method to mitigate the damage caused by a data breach is to have an incident response team in place.

The average cost of a data breach incident is now $4 million, up 29 percent from 2013, and the single biggest driver of that expense is corporations not having an incident response plan in place before the attack, according to the 2016 Cost of Data Breach Study: Global Analysis.

This Ponemon Institute study, sponsored by IBM and based on input from 383 companies in 12 nations, cited a litany of reasons behind the increase. Lack of corporate forethought topped the list, but not far behind was the overall growth in the number and size of attacks, up 64 percent from 2015, and the targeting of industries with weaker defenses.

The report noted that the best way to limit the damage caused by a data breach is to have an incident response team in place and ready to react before being struck. Simply being prepared for such an eventuality knocks $16 off the $158 average per-record cost of an attack, saving companies $400,000 on average, the report stated. That has not persuaded the majority of companies to adopt this defensive measure.

“Unfortunately, another Ponemon study found that 70% of U.S. security executives do not have a cyber security incident response plan in place,” IBM Security's Executive Security Advisor Diana Kelley told SCMagazine.com in an email.

The $158 figure is a worldwide average. U.S. costs hit $221 per record for 2016, the highest of any country, with Germany and Canada close behind.

Other cost-reduction steps included extensive use of encryption, $13 per record; employee training, $9 per record; and simply hiring a CISO, which can knock $9 per record off the cost of recovering from a breach.

On the flip side, there are actions corporations take that greatly increase the per-record cost of a data breach. Leading that list is third-party involvement, which boosts the average cost by $14 per record, while extensive cloud migration can add $12 per record, the report stated.

[Chart: Impact of 16 factors on the per capita cost of data breach]
Third parties increase the cost because they can complicate and lengthen the time it takes to respond to and resolve a breach, but there is not much most organizations can do to cut third-party vendors out of the loop.

“Companies must often share data with third parties to meet business objectives and operate efficiently. What's important is for businesses to have stringent guidelines in place for how their partners are protecting the data that is shared with them, throughout the entire lifecycle of the data,” Kelley said.

When it comes to the average size of a data breach, India and the Arabian region have the largest, at 31,225 and 30,179 records respectively, but the United States is not far behind, averaging 29,611 records compromised per breach.

Ponemon also broke down the cost per record by industry. The healthcare sector led the way at $355 per record, followed by education, $246; financial services, $221; and services, $208.

Looked at globally, the root cause of breaches is almost evenly split between malicious attacks on one side and human error and system glitches on the other, with the latter two together responsible for 52 percent of the data breaches studied.

This picture changes dramatically on a per-country basis. Sixty percent of breaches in the Arabian region are due to malicious action, and Canada (54 percent), Japan (52 percent) and Germany (52 percent) also see breaches that are more likely than not to come from an attacker. Meanwhile, breaches in South Africa, Brazil and India are more likely to be caused by human error and technical glitches, the report found.

“We know that data breaches are costly, but seeing all of the costs associated with a breach broken down into such specific data is extremely insightful. Many people don't realize all of the complex activities and communications that need to take place in short order following a breach - from remediation, to stakeholder communications, to legal and regulatory filings,” Kelley said.
