The Ponemon Institute has released a new report on the cost of data breaches around the world. The Cost of Data Breach Study: Global Analysis, a study sponsored by IBM, looks at the financial implications of a data breach on organizations, and explores the different factors which affect the cost. The study involved 350 companies from 11 countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, United Kingdom, the United States and the Arabian region (Saudi Arabia/United Arab Emirates).
Over the course of the last two years the cost of a data breach has risen by 23% and across all industries and the average cost has increased from $145 to $154 per record.
Dr. Larry Ponemon, chairman and founder of the Ponemon Institute, pointed out that that the cost of forensic analysis and other investigative activities, coupled with an increasing frequency of attacks is fueling the increase in cost of dealing with data breaches. Loss of customers is also having a significant impact on cost.
The volume of data exposed in attacks, especially hacks of email and network servers, means data breaches are now costing more. Recent data breaches in the United States have exposed records in the millions, and in a couple of notable cases, records have been stolen in the tens of millions.
Industry Differences in 2015 Data Breach Costs
The cost of a data breach varies considerably from industry to industry. Ponemon researchers assessed the costs that need to be covered following a data breach and the financial impact those incidents have on an organization.
The lowest costs were for breaches affecting the public sector, at $68 per record. At the other end of the scale is the healthcare industry at an average of $363 per record, with education data breaches costing $300 a record. The overall average across all industries was $154 per record.
2015 Cost of Data Breach Study Highlights Worldwide Differences in Breach Costs and Risk
The location of the organization also has a significant impact on data breach costs, with the cheapest locations found to be Brazil and India ($56 per record), while the most expensive were in Germany ($211) and the United States ($217).
The researchers determined that in the United States, the average total cost of a data breach was $6.5 million, with the lowest of all 11 countries being India, where the total price to pay was calculated to be $1.5 million.
In term of risk, Canada was the safest location, with Germany second. Organizations in Brazil and France face a high risk of a data breach, with system glitches carrying the biggest risk in Brazil. This was also a big risk for organizations in India. The study also predicted the risk of an organization suffering a data breach involving 10,000-100,000 records to be 22%.
What has the Biggest Impact on the Cost of a Data Breach?
The nature of the attack plays a big part in the cost of dealing with a breach. When hackers attack an organization, the cost is generally the highest. This was calculated to be $230 in the United States.
Fortunately, there are a number of ways breach costs can be minimized according to the data analysed by Ponemon.
The best way to reduce data breach costs is to use encryption services. According to Ponemon, encryption reduces the breach cost by $12 per record, but having an incident response team saved $12.60 per record. Board involvement in the breach response reduces the cost of a data breach by more than having data breach insurance, which were found to cut $5.5 and $4.4 off the cost per record respectively.
Full details of the 2015 Cost of Data Breach Study can be downloaded here.