The spotlight continues to shine on data breach incidents. It comes as no surprise that the cost of a data breach has risen in the United States this year, as it has for the past 5 years. In 2013, the average cost of a breach came to $5.4 million. Each year since, that number has risen, reaching new heights in 2017 at $7.35 million, according to the 2017 Cost of Data Breach Study: Global Overview conducted by Ponemon Institute.
In contrast, the cost of a breach in European countries decreased by about 10%, with the average cost of a breach falling from £2.53 million to £2.48 million. Experts speculate that organizations in European countries have taken security more seriously. Contributing factors may include more EU legislation on data privacy and security, such as the upcoming General Data Protection Regulation, which will begin enforcement in 2018. Others explain that legal costs in the US contribute to the higher cost of a breach. Either way, it’s clear that the US needs to put a stop to the trend. So, what are the key findings that organizations can consider to prevent breaches?
Key findings at a glance in the Ponemon Report:
U.S. Study by the numbers:
$7.35 million – average cost of a data breach
$225 – average cost of a stolen record
28,512 – average number of records stolen per data breach
206 days – average amount of time to detect a breach
The report found that highly regulated industries incurred the highest cost per stolen record: Healthcare was the costliest at $380, followed by Financial Services at $336, Services at $274, and Life Science at $264.
Time is a major factor in the cost of a breach. If a breach was detected in 100 days or less, the average cost was $5.99 million, but if detection took more than 100 days, the cost rose to $8.7 million.
Churn is a key component in the cost of a data breach. Industries with a churn rate of 4% or greater experience data breach costs at an average of 10.1 million. Abnormal churn rates by industry: Financial (7.1%), Life Science (5.7%), Health (5.5%), and Technology (5.1%).
Who’s Taking the Records?
52% of breaches involve a malicious or criminal attacker, e.g., an insider threat or an external cybercriminal
24% were caused by careless employees, e.g., sharing login credentials or not logging out of information systems
24% were attributed to system glitches, e.g., IT or business process failures
Protect Your Organization
The risks associated with leaving your organization vulnerable to a data breach are far more costly than implementing a strong cybersecurity posture. Investing in a User Activity Monitoring system is a good place to start. It will ensure that all employee activity surrounding sensitive data is monitored and recorded. Any unusual activity is immediately isolated and investigated, allowing your organization to avoid data leakage, organizational embarrassment, and customer churn.