What is the cost of a breach?
Breaches are more expensive and more likely to occur than ever before
The odds that your organization will suffer a data breach are not just higher than ever. They are more expensive than ever.
A recent report from Kaspersky Lab and B2B International, for instance, estimates that the full impact of a data breach now amounts to $1.3 million for large companies in the U.S., compared with $1.2 million in 2016.
A report conducted by the Ponemon Institute, whose recent annual survey took a more global look, found a 27.7 percent likelihood of a company sustaining a recurring material data breach over the next couple of years.
Ponemon’s report, which surveyed 419 companies in 13 regions around the world, also offered new insight into the extent of the financial havoc that malicious hackers inflict on their victims. Consider these revealing data points:
- Although the average total cost of a data breach fell 10 percent to $3.62 million this year, the average size of a data breach has inched up 1.8 percent to 24,089 records.
- The survey found a 2.1 percent increase in the likelihood of a recurring material data breach.
- In addition, Ponemon reported, more organizations worldwide have lost customers in the aftermath of suffering data breaches.
Clearly, there are any number of direct and indirect costs – ranging from legal fees to lost customer records to employee and company downtime – that your organization will be forced to absorb following a data breach.
How much you’ll wind up paying will vary according to industry, geography, and the size of the data loss. But when it comes to tallying up the final tab, here’s what will loom large in shaping the calculation:
Response time means everything.
The Ponemon report found a clear link between how long it took to identify and contain a data breach and the final cost to the organization. On average, breach containments that take more than 30 days cost about $1 million more than those that take less than 30 days.
Location, location, location
Where you set up shop matters.
The average per capita cost of a data breach in the U.S., and Canada was the highest among the surveyed nations at $225 and $190, respectively. On the opposite end of the spectrum, the least expensive regions were in Brazil and India at $79 and $64, respectively.
Breach costs vary by industry
While the average global cost of a data breach per lost or stolen record was $141, some industries get hit harder than others.
For instance, healthcare organizations ranked No. 1, incurring an average cost of $380. The other top targets were financial services at $245 and media at $119. By contrast, the public sector had the lowest average cost per lost or stolen record at $71.
Victory in our time?
But let’s finish on a more optimistic note. Organizations that draw up incident response plans will be able to more quickly identify what’s happened, what the attacker has access to, and how to contain and remove that access.
Indeed, there’s modest progress to report; according to Ponemon, the number of days companies needed to identify data breaches fell from an average of approximately 201 last year to 191 days. Also, the average number of days it took to contain data breaches dropped from 70 to 66 days.
Look at it another way: While data breaches are becoming more widespread, businesses can help their cause by preparing cyberdefenses for the inevitable. So, when an attack finally comes, they will be in a far better position to limit the resulting expenses to just another cost of doing business.
AT&T Cybersecurity Insights report
Learn more about protecting your business in AT&T Cybersecurity Insights, Volume 6: "Mind the Gap: Cybersecurity’s Big Disconnect."
In this invaluable report, you'll read about the troubling disconnects that have emerged between today's cybersecurity threats and organizations' countermeasures, as well as what you can do to help strengthen your defenses and reduce risk.
AT&T Cybersecurity Insights, Vol. 6
Learn how your business can fill the gaps and help strengthen its defenses in this free, interactive report: “Mind the Gap: Cybersecurity’s Big Disconnect.”