Every year (or at least the last 9 years), an independent research organization called the Ponemon Institute does a study on the state of data security and 2014 data breach costs. Its purpose is to determine the predominant causes of and costs related to data breaches. The Institute takes into account many factors beyond legal-related costs when performing its cost analysis, including but not limited to detection/prevention measures, notification costs, administrative fees, and lost opportunities. The data used in the study was collected from 1,690 data security & compliance employees from 310 organizations in 10 different countries.
The study was funded by IBM this year and the findings were released this week. Here are some of the highlights:
- The average costs of a data breach have risen by a whopping 15% in the last year to $3.5M per data breach.
- The US took the crown as the country with the most expensive data breaches, averaging $201 per compromised record.
- Malicious or Criminal attacks, which accounted for 42% of all data breaches, were the most costly type of breach. In the US, these attacks cost an average of $246 per compromised record.
- To contrast the Malicious/Criminal attacks, 30% of data breaches involved negligence on the part of an employee or contractor and another 29% involved “system glitches that include both information technology and business process failures.”
- Customer loyalty after a data breach incident dropped further than in past years; the financial services industry sees the worst drops.
- Companies that put into place a “strong security posture” and business continuity management processes saw the data breach costs fall to the range of $9-14 per compromised record.
- According to the research, only 32% of companies have Cyber Liability insurance coverage.
The basic gist of the study is that 2014 data breach costs are on the rise and there seems to be no crest in sight. The costs associated with a data breach reach far beyond the associated legal and defense procedures to include reputational damage and the loss of previously loyal customers. A data breach has an impact on everything from branding to the bottom line.
Fortunately, many of the cyber liability insurance offerings have adapted to the changing landscape. Most policies cover legal, regulatory, and administrative costs along with notification and data/system restoration costs. Some even have separate sublimits of coverage that companies can use to hire PR firms and restore their reputation!
The 2014 data breach costs show a steep rise from 2013, and the future is a bit bleak in this area. However, rest assured that some basic risk mitigation techniques and a great cyber liability insurance policy can ensure your company’s survival even if the worst does happen.