The 11th annual Cost of Data Breach Study, independently conducted by Ponemon Institute and sponsored by IBM, found that the average total cost of a data breach for the 383 companies that participated increased from $3.79 to $4 million. The average cost paid for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year’s study.
The global study looked at the likelihood of a company having one or more data breach occurrences in the next 24 months, estimating a 26 per cent probability of a material data breach involving 10,000 lost or stolen records.
Seven global megatrends
1 The cost of a data breach has not fluctuated significantly, suggesting it is a permanent cost organisations need to be prepared to deal with and incorporate in their data protection strategies.
2 The biggest financial consequence of a data breach is lost business.
3 Most data breaches continue to be caused by criminal and malicious attacks. These breaches take the most time to detect and contain and, as a result, have the highest cost per record.
4 Organisations recognise that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. Over the years, detection and escalation costs have increased. This suggests investments are being made in technologies and in-house expertise.
5 Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
6 Improvements in data governance programs will reduce the cost of data breach. Incident response plans, appointment of a CISO, employee training and awareness programs and a business continuity management strategy continue to result in cost savings.
7 Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year’s study revealed a reduction in cost when companies participated in threat sharing and deployed data loss prevention technologies.
383 companies in 12 countries
$4 million is the average total cost of data breach
29% increase in total cost of data breach since 2013
$158 is the average cost per lost or stolen record
15% increase in per capita cost since 2013