A recently published report, the ‘2016 Cost of Data Breach Study: Global Analysis’, suggests that the average cost of a data breach continues to climb, now reaching $4 million per breach, or $158 per record, based on a survey of 383 companies worldwide. This represents a 29% increase in the space of 3 years. All the companies surveyed for the study have experienced a breach, ranging in size from 3,000 records up to 101,500.
Also included in the report is a rundown of data breach ‘Megatrends’, which makes for interesting reading. Firstly, the point most organisations should take away is that the greatest financial loss businesses experience from a data breach is loss of business caused by negative press and a lack of trust in the company. So, although figures like $4 million might sound shocking, it’s actually the loss of consumer trust in the wake of a breach which ends up costing companies the most money. There are steps which can be taken to limit this damage, such as strong public and customer relations.
Another interesting observation is that the longer a breach takes to detect, the greater the overall cost of the breach, meaning good monitoring and rapid detection can also limit the damage. As for the causes of data breaches, the main cause continues to be criminal, malicious attacks specifically targeting the company. Of the breaches studied, 48% were caused by such attacks. Unfortunately, financial and healthcare organisations are the ones who suffer most financially, due to the sensitive nature of their data, which makes consumer trust particularly easy to lose. These industries lose many more customers in the wake of a data breach than sectors such as retail or media. It’s not all bad news, because the report also observes that increased security measures such as encryption, stronger authentication procedures, data loss prevention technologies, strong management and employee training do result in reduced costs.
As is typical for this type of report, the authors also analysed data by country, industry and size of breach, and looked at the different factors affecting the overall cost of the breach. Firstly, results showed that breaches are most expensive in the US and Germany, with the lowest costs found in Brazil and India. The graph below illustrates the average cost over a span of 3 years for the different countries represented in the study.
They also noted that there’s a strong variation in cost depending on the industry affected. While the average cost per record came out at $158, this varied greatly, with healthcare having an average of $355 and the public sector only $80. You can see the variation in the graph below. The cost of the breach also varied according to the number of records lost, as you’d expect, with the average for fewer than 10,000 records being $2.1 million, rising to $6.7 million when the number of records exceeded 50,000.
As with the majority of data breach reports, whatever their source and focus, there are several key facts for us to take note of. Again. Firstly, monitor and detect breaches as quickly as possible. Secondly, develop a strategy to deal with the fallout of the breach which will go the furthest in retaining customer trust. Finally, invest in the human resources and technologies to prevent a breach occurring in the first place. While most companies are likely to experience a data breach, these steps might be the ones to prevent your organisation hitting the headlines.