By Timothy King
Ponemon Institute, an independent privacy, data protection, and information security policy research firm, recently released the findings on their 2015 Cost of Data Breach Study: Global Analysis. The study, which was sponsored by IBM, polled 350 companies from 11 different countries. The criteria for inclusion was that each organization had to of experienced a data breach of some kind during the last year, ranging from low (2,200 compromised records) to high (more than 101,000 records).
At a glance, here are the main findings of the study:
- The average cost of a data breach is $3.79 million (23 percent increase since 2013)
- The average cost per lost or stolen record is $154 (12 percent increase since 2013)
According to Ponemon Institute: “In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.”
From Authentify to RSA, Solutions Review rounds up the top 24 Identity and Access Management solutions in the 2015 IAM Solutions Buyer’s Guide. Download your free copy today!
Ponemon Institute believes there are certain risk factors that cannot be overlooked when trying to predict what kinds of companies will be the victim of breaches over the next 24 months, something they believe they can do with relative accuracy. Based on the experiences of the companies that were included in the study, the company’s industry plays a large role. The found the average cost per record lost globally to be $154. However, in healthcare, that number can be as high as $363. In education, the cost could be as high as $300 per record. Transportation and public sector costs per record breached came in at the lowest, $121 and $68 respectively.
Financial consequences per data breach were also analyzed in the report. Two main factors are at play here as well. First, is there a high level of executive involvement in organizational IT security strategy? The second has to do with cyber insurance to help mitigate the cost of data breaches. With the increase in both data breaches and human error as technology quickly evolves, IT security is quickly moving from being just a consideration by business leaders to one that garners significant risk if not deployed quickly.
The report also revealed that Identity and Access Management (IAM) can play an important role in reducing the costs of a breach. The study found that “growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach has contributed to the increase in lost business.” By staying on top of current IAM best practices, businesses can drastically reduce the impact of data breaches.
While concerns about breaches, backup, and recovery plans are growing as businesses rely more and more on the digitization of their important records, there are still a large portion of companies who remain vulnerable as a result of lack of executive interest in preparing for worst-case scenarios. There is hope however, as after suffering a major breach in 2014, JPMorgan Chase CEO Jamie Dimon reportedly told shareholders that by the end of the year, the banking giant would invest 250 million and 1,000 staff people on IT security. As these events begin to creep into the wallets of the big enterprise companies, more headway will be made in IAM. The modern business requires it.
Click here for a full-length copy of the study.
- 17 Cybersecurity Podcasts You Should Listen to in 2020 - January 3, 2019
- What’s Changed: Gartner 2017 Magic Quadrant for Identity Governance and Administration (IGA) - January 28, 2018
- Crossmatch Integrates Keyboard Capture to Identity Management Software - November 27, 2017