Hidden Costs of Data Breaches Increase Expenses for Businesses - Part 2
August 09, 2018

Hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage, according to the 2018 Cost of a Data Breach Study, sponsored by IBM Security and conducted by Ponemon Institute.

Start with Hidden Costs of Data Breaches Increase Expenses for Businesses - Part 1

What Impacts the Average Cost of a Data Breach?

For the past 13 years, the Ponemon Institute has examined the cost associated with data breaches of less than 100,000 records, finding that the costs have steadily risen over the course of the study.  The average cost of a data breach was $3.86 million in the 2018 study, compared to $3.50 million in 2014 – representing nearly 10 percent net increase over the past 5 years of the study.

The study also examines factors which increase or decrease the cost of the breach, finding that costs are heavily impacted by the amount of time spent containing a data breach, as well as investments in technologies that speed response time.

■ The average time to identify a data breach in the study was 197 days, and the average time to contain a data breach once identified was 69 days.

■ Companies who contained a breach in less than 30 days saved over $1 million compared to those that took more than 30 days ($3.09 million vs. $4.25 million average total)

The amount of lost or stolen records also impacts the cost of a breach, costing $148 per lost or stolen record on average. The study examined several factors which increase or decrease this cost:

■ Having an incident response team was the top cost saving factor, reducing the cost by $14 per compromised record

■ The use of an AI platform for cybersecurity reduced the cost by $8 per lost or stolen record

■ Companies that indicated a "rush to notify" had a higher cost by $5 per lost or stolen record

The report examined the effect of security automation tools which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach. The analysis found that organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach ($2.88 million, compared to $4.43 million for those who had not deployed security automation.)

Regional and Industry Differences

The study also compared the cost of data breaches in different industries and regions, finding that data breaches are the costliest in the US and the Middle East, and least costly in Brazil and India.

■ US companies experienced the highest average cost of a breach at $7.91 million, followed by the Middle East at $5.31 million.

■ Lowest total cost of a breach was $1.24 million in Brazil, followed by $1.77 million in India.

One major factor impacting the cost of a data breach in the US was the reported cost of lost business, which was $4.2 million – more than the total average cost of a breach globally, and more than double the amount of "lost business costs" compared to any other region surveyed. One major factor impacting lost business costs is customer turnover in the aftermath of a breach; in fact a recent IBM / Harris poll report found that 75 percent of consumers in the US say that they will not do business with companies that they do not trust to protect their data.

For the 8th year in a row, Healthcare organizations had the highest costs associated with data breaches – costing them $408 per lost or stolen record – nearly three times higher than the cross-industry average ($148).

"The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. "While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs."

The Latest

October 22, 2018

Embracing DevOps at enterprise scale requires a seismic shift in the way an organization plans, builds, tests, releases, and manages applications. Here are four ways to ensure your enterprise DevOps transformation is a success ...

October 18, 2018

Are applications teams prepared to manage the chaos arising from an ever-growing landscape of heterogeneous deployment types? A recent survey of application and operations professionals sought to better understand how the industry is shifting and what the future of DevOps might look like. Here is what the survey uncovered ...

October 16, 2018

More than half of organizations have a dedicated DevOps team to help them better implement agile strategies, accelerate release cycles and ensure continuous development. However, databases have a habit of holding DevOps back ...

October 15, 2018

Test Environment Management can save organizations close to $10,000 for each release, yet only four percent of large enterprises have fully integrated TEM processes into organizational DNA, according to the 2018 Test Environment Management Survey released by EMA and Plutora ...

October 11, 2018

Agile is indeed expanding across the enterprise and there was a significant jump from last year to this year in the percentage of respondents who indicated that all or almost all of their teams were agile, according to the State of Agile 2018 report from CollabNet ...

October 09, 2018

Adopting a modern application architecture is critical to business success and a significant driver of profit growth in today’s digital economy, according to the results of a global survey of IT and business executives released by CA Technologies and conducted by Frost & Sullivan ...

October 04, 2018

How do you integrate tools to enable shift-left performance? The following tools will simplify maintenance, can be managed in a centralized way, and provide an easy-to-use UI to comprehend results ...

October 03, 2018

Focusing at the API layer of an application can help enable a scalable testing practice that can be efficiently executed as part of an accelerated delivery process, and is a practice that can be adopted and enabled at the earliest possible stages of development — truly shifting left functional testing. But what about performance testing? How do we enable the shift left of nonfunctional testing? Here, we explore what this means and how to enable it in your organization ...

October 01, 2018

As businesses look to capitalize on the benefits offered by the cloud, we've seen the rise of the DevOps practice which, in common with the cloud, offers businesses the advantages of greater agility, speed, quality and efficiency. However, achieving this agility requires end-to-end visibility based on continuous monitoring of the developed applications as part of the software development life cycle ...

September 27, 2018

Imagine that you are tasked with architecting a mission-critical cloud application. Or migrating an on-premise app to the cloud. You may ask yourself, "how do the cloud savvy companies like Airbnb, Adobe, SalesForce, etc. build and manage their modern applications?" ...

Share this