Putting a Number on the Financial Impact of Major Data Breaches

DatabankPonemon Institute, an independent privacy, data protection, and information security policy research firm, recently released the findings on their 2015 Cost of Data Breach Study: Global Analysis. The study, which was sponsored by IBM, polled 350 companies from 11 different countries. The criteria for inclusion was that each organization had to of experienced a data breach of some kind during the last year, ranging from low (2,200 compromised records) to high (more than 101,000 records).

At a glance, here are the main findings of the study:

  • The average cost of a data breach is $3.79 million (23 percent increase since 2013)
  • The average cost per lost or stolen record is $154 (12 percent increase since 2013)

According to Ponemon Institute: “In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber attacks. However, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.”

Ponemon Institute believes there are certain risk factors that cannot be overlooked when trying to predict what kinds of companies will be the victim of breaches over the next 24 months, something they believe they can do with relative accuracy. Based on the experiences of the companies that were included in the study, the company’s industry plays a large role. The found the average cost per record lost globally to be $154. However, in healthcare, that number can be as high as $363. In education, the cost could be as high as $300 per record. Transportation and public sector costs per record breached came in at the lowest, $121 and $68 respectively.

Financial consequences per data breach were also analyzed in the report. Two main factors are at play here as well. First, is there a high level of executive involvement in organizational IT security strategy? The second has to do with cyber insurance to help mitigate the cost of data breaches. With the increase in both data breaches and human error as technology quickly evolves, IT security is quickly moving from being just a consideration by business leaders to one that garners significant risk if not deployed quickly.

While concerns about breaches, backup, and recovery plans are growing as businesses rely more and more on the digitization of their important records, there’s still a large portion of companies who remain vulnerable as a result of lack of executive interest in preparing for worst-case scenarios. There is hope however, as after suffering a major breach in 2014, JPMorgan Chase CEO Jamie Dimon reportedly told shareholders that by the end of the year, the banking giant would invest 250 million and 1,000 staff people on IT security. As these events begin to creep into the wallets of the big enterprise companies, more headway will be made in IAM. The modern business requires it.

Click here for a full-length copy of the study.


Widget not in any sidebars
Follow Jeff

Jeff Edwards

Jeff Edwards is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large.He holds a Bachelor of Arts Degree in Journalism from the University of Massachusetts Amherst, and previously worked as a reporter covering Boston City Hall.
Jeff Edwards
Follow Jeff

Leave a Reply

Your email address will not be published. Required fields are marked *