The results are in! The Ponemon Institute interviewed more than 2,200 IT, data protection, and compliance professionals from over 450 companies that had a recent data breach, and their 2018 Cost of a Data Breach Study: Global Overview reveals lessons we can all learn from.
Stats Are More Than Just Numbers – They’re Consequences
- The average total cost of a breach in the U.S. is $7.91 million (more than double the global average of $3.86 million).
- Data breach costs have increased by 6.4 percent from last year.
- The number of compromised records rose by 2.2 percent.
- Heavily regulated industries, such as healthcare and financial organizations, pay substantially more than other industries when data is compromised.
- A data breach due to malicious or criminal activity costs $157 per record, while the costs for breaches caused by system and human errors were $131 and $128, respectively.
Key Factors that Influence Cost and What You Can Do
These days, it’s not a matter of if but when a breach will happen to you. The Study offers helpful tips to reduce the cost in the event of a breach.
- Pay less by finding and fixing it fast
The Study found that the quicker a company acts, the less a breach may ultimately cost. Companies that identified a breach in less than 100 days saved more than $1 million. Likewise, organizations that contained or resolved a breach in less than 30 days saved more than $1 million. Consider an intrusion detection system (IDS) to monitor your environment for malicious activity or policy violations, so you can quickly identify any unauthorized access and save money in the long run.
- Create an incident response team
The Study also found that having a capable incident response (IR) team reduced the cost of a breach by almost $14 per compromised record. That may not sound like a lot, but multiply it by the average number of records compromised during a breach and the numbers quickly add up. If you don’t have an IR plan and team in place, build one and test it regularly. The Study provides tips for building a business case for IR, so you can quantify why your organization needs one.
- Encryption cuts costs even further
Want to bring that per-record cost down even more? Encryption reduced costs by $13 per capita. Encrypting stored personally identifiable information saves you legal and notification costs should an incident occur.
- Limit your dependence on these factors
Third-party involvement, extensive cloud migration, compliance failure, and the extensive use of mobile platforms all increase the cost of a data breach.
The Study is an annual reminder that, while breaches are expensive, certain measures can be taken to reduce the costs that follow. Download a complete copy of the Study here and learn how your organization can put its findings to work.