The Ponemon Institute has issued its annual report, the “Cost of Data Breach Study,” a study on the economic impact of data breaches. The Cost of Data Breach Study is sponsored by IBM. Its results show an increase in the average data breach cost per victim: it is nearly $145 per compromised record, an increase of 9 percent compared with 2012.
The overall data shows a worrying scenario: the average cost of a data breach increased about 15% compared with 2012, reaching $3.5 million. Globally, the leading root cause of data breaches is malicious or criminal attacks, at nearly 42%; 30% of data breaches are related to the actions of a negligent employee or contractor (human factor), and 29% involved system glitches (IT and business process failures).
The study also examines the relationship between the main causes of data breaches and the countries in which they occurred. Countries in the Middle East and Germany suffered more incidents caused by malicious or criminal attacks, data breaches in India were characterized by a system glitch or business process failure, while human error is the primary problem for Brazilian and British environments.
“Malicious attacks are more costly globally. Figure 6 reports the per capita cost of data breach for three root causes of the breach incident on a consolidated basis. These results show data breaches due to malicious or criminal attacks cost companies increased from an average of $157 in last year’s study to $159. This is significantly above the consolidated mean of $145 per compromised record and the per capita cost for breaches caused by system glitch and human factors ($126 and $117, respectively). Last year, system glitches averaged $122 and human error stayed the same at $117,” states the report.
The greatest threats to organizations are malicious code and sustained probes. The Ponemon Cost of Data Breach Study report states that companies suffered an average of 17 malicious codes and 12 sustained probes each month.
According to the Ponemon Cost of Data Breach Study report, German and US entities experienced the highest costs, at $195 and $201, respectively. Both countries paid the highest value per compromised record for data breaches caused by malicious and criminal attacks, nearly $246 and $215 per record.
The costs of data breaches differ widely by sector. Heavily regulated industries such as healthcare, pharmaceutical and financial services had the highest per capita data breach cost ($145).
Let me close this post by mentioning the impact of eight factors on the per capita cost of a data breach. The Ponemon Cost of Data Breach Study confirms that a strong security posture helps organizations reduce the cost of a data breach ($14 per record). Lost or stolen devices, third party involvement in the incident, quick notification and engagement of consultants increase the per capita cost of a data breach. For example, if the data breach involved lost or stolen devices, the cost per record could increase to $161.10 ($145 + $16.10).
There is no time to lose. We must stop this trend by adopting an appropriate cyber security strategy.
(Security Affairs – Ponemon, 2014 Cost of Data Breach Study)