2016 Ponemon Cost of Data Breach Study Published

The 2016 Ponemon Cost of Data Breach Study shows that healthcare data breaches cost the most to resolve, and breaches in the United States cost significantly more than those in other countries.

This is the 11th consecutive year that the IBM-sponsored study has been published. The cost of a data breach continues to rise, with the average breach resolution costs now having reached $4 million. Last year, the average cost of a data breach was 3.79 million.

2016 Ponemon Cost of Data Breach Study Shows Healthcare Breaches Cost $355 per Record to Resolve

When organizations experience a breach of confidential data the costs of mitigating risk, covering regulatory fines, hiring new staff, and employing new technology can quickly mount. The Ponemon institute calculated the average cost per exposed or stolen record to be $158, four dollars more per record than the previous year’s study.

However, the cost of breach resolution is far higher for the healthcare industry. A healthcare data breach now costs an average of $355 to resolve, which is more than double the global average. Healthcare data breaches are still the most expensive, and are considerably costlier than breaches in the education sector. Education sector data breaches cost an average of $246 per record to resolve, while breaches in the financial sector cost an average of $221 per record to resolve.

While negligent employees are still causing data breaches – 25% according to the 2016 Ponemon Cost of Data Breach Study – the biggest cause of data breaches was malicious and criminal attacks which accounted for 48% of data breaches. 27% of breaches were attributed to system glitches.

Malicious and criminal attacks cost the most to resolve, in part due to the difficulty in detecting malicious attacks. The Ponemon Institute’s figures show that the longer it takes to detect a breach, the greater the per capita cost. The same applies to containment. The faster a breach is contained the lower the per capita cost. The average time to detect a breach was 201 days, while it took an average of 70 days to contain a breach.

How to Reduce the Cost of a Data Breach

The cost of dealing with the breach has not changed by a huge degree since the 2015 study, although companies are discovering that the fallout from a breach can be considerable. One of the biggest costs of a data breach is lost business. Consumers are now much more willing to switch providers after a data breach occurs that exposes their sensitive data.

Organizations can take steps to prevent lost business. It is important to notify breach victims promptly, while transparency is similarly important. Showing breach victims that efforts are being made to reduce the risk of future breaches can help to restore confidence.

However, organizations must take care. Rushing to issue breach notifications has potential to increase the cost of breach resolution.

Organizations can further reduce the cost of a data breach with business continuity management, employee training, threat sharing, using data encryption, and appointing a CISO. The use of encryption reduces the cost of a data breach by an average of £13 per record, threat sharing was shown to reduce costs by $9 per record, while organizations that had appointed a CISO were able to shave off $7 per breached record.  However, the biggest savings come from having a robust, well developed breach response plan and a breach response team to deal with the breach. That can save organizations an average of $16 per record.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news