Unfortunately, data breaches are a regular occurrence. The average cost of a data breach worldwide is now $3.62 million, down 10% from last year. However, the cost of a breach varies by region.
Amid all the ransomware hysteria created by the recent global ransomware attacks, two recent data breaches have focused attention back on the process of securing company data. Two weeks ago, Verizon confirmed that the data of as many as six million customers was exposed online due to improper handling by an employee. The exposed data included the active PINs of these customers. Although Verizon was quick to state that the PINs alone cannot access online accounts, chances are the majority of these customers use the same PINs for other accounts. This is why data breaches such as these have lasting effects.
At the same time, a breach of 14 Trump properties was detected last month, although the data breach occurred months earlier. Whoever the hackers were, they hit the jackpot, accumulating a treasure chest of credit card numbers, expiration dates, security codes, social security numbers, home addresses and password information, just to skim the surface. Yes, even the President of the United States is not immune from a data breach.
Data breaches can be astronomically expensive for the organizations afflicted, and some never bounce back. According to a report produced jointly by IBM and the Ponemon Institute, The 2017 Cost of Data Breach Study: Global Overview, the total cost of a data breach is $3.62 million on average. The average cost per data record is $141. The report is based on a study of 419 companies located in 13 countries or regions that had experienced a data breach.
Determining the true cost of a data breach is difficult as related costs are incurred on so many fronts. In order to put a hard number to paper, the team broke down the cost structure accordingly:
They then outlined all of the tasks that are normally associated with the discovery of and the immediate response to the data breach which include:
They also broke down the costs of the tasks normally conducted in the aftermath of a discovery. This latter group of activities included:
One finding common to all of the corporate participants was that the sooner a breach is identified and contained, the lower the costs. The time to discover a breach across the 419 companies ranged from 24 to 546 days, with a mean of 191 days. From discovery, the mean time to contain the breach was 66 days, with a range of 10 to 164 days. This statistic illustrates just how difficult it is to shore up a breach from start to finish.
When comparing the cost of a data breach amongst different countries and regions, the United States proved the costliest. The U.S. topped the list in both of the following categories.
On closer examination, it was not direct costs that propelled the United States to the top of both lists. It was indirect costs, primarily litigation expenses, compliance fines, loss of business and the cost of offering victims identity protection services. According to a recent article in Business Insider, companies have had to pay upwards of $10 million to settle class action lawsuits after a large data breach. Home Depot reported that the total costs incurred for their data breach in 2014 amounted to $263 million. Target’s total cost is assessed at $291 million.
Any company that retains data silos of personal information should encrypt the data. Data that is encrypted can be stolen, but it cannot be accessed. Encrypted data is useless data if you do not have the key to decrypt it. Data should be encrypted throughout the enterprise, whether it resides on a database server, laptop or cloud drive. With the EU’s General Data Protection Regulation coming into force next year, EU companies may find this advantage short-lived. Under GDPR, firms could be fined up to €20m (£17.6m) or 4 per cent of annual turnover, whichever is higher.