A new study reveals the increasing costs of a data breach, with a simple breakdown
According to a new report by Ponemon Institute and IBM, the average cost of a data breach has risen to $3.92 million. Canadian lender Desjardins Group revealed that a recent breach of privacy of its 2.9 million members cost the company over $53 million. Similarly, British Airways and Marriott have noted $100 million in damages after failing to meet regulations like GDPR due to cyber-attacks.
What is more worrisome is the year-on-year rise in the costs of data breaches. According to the report, the average costs for data breaches rise by 1.6% per year. Additionally, these costs have risen by 12% over the last five years. They include direct and indirect costs, such as the time and effort required to clean up and the opportunities lost due to bad publicity, among others.
Furthermore, what might concern average enterprises is the frequency and probability of cyber-attacks. According to the report, 30% of organizations are likely to face an attack within the next 24 months. Moreover, US organizations often face the brunt of such attacks, costing $8.19 million on average. The complex regulatory framework, with a wide range of laws across state and federal authorities, complicates matters further. In the UK, the costs of an average breach are slightly lower than those of its counterparts in other parts of the world, reaching $3.88 million on average.
The same report also notes that the total incidence of data breaches has increased by 3.9% compared to 2018. Moreover, the average size of data breaches now stands at 32,424 in the US and 23,600 in the UK. In the US, the cost of a breach per record averages around $242, while it amounts to $155 per record.
Enterprises can follow these three steps to keep the data breach costs to a minimum:
Despite the rising awareness about campaigns, enterprises' response time to cyber-attacks is on the rise. According to the report, it takes enterprises 279 days on average to identify and report a breach. This is up from 266 days on average in 2018. Active responses offer the biggest opportunity for cost savings. The report estimates that companies which respond in 200 days or less can save $1.2 million on average. So, yes, when it comes to responding to a data breach, time is money.
Proactive Compliance Strategy
One of the biggest challenges in the aftermath of a data breach is compliance with legislation like GDPR. Currently, privacy laws across nations and states vary widely. For example, in the US there are 52 different sets of privacy laws, differing from state to state. So, when a data breach occurs, it is fair to assume that most companies won’t have the expertise to deal with the aftermath of a privacy breach. A good example of this is the case of Marriott. The company first noted that its insurance paid for the data breach cost, which amounted to $28 million initially. However, it later turned out that the UK’s protection authority charged the company a $124 million fine for a failure to comply with the GDPR regulation. Hence, it is important to adhere to a proactive compliance strategy to ensure the highest cost savings during a data breach.
Stock Market Consideration
In good news for companies, a report by Comparitech highlights that most companies do not suffer long-term damage to their business. For example, among the 33 data breaches it researched, the stock price dropped by 7% on average for the next 14 days. Among the companies that suffered the most was Macy’s, which witnessed leakage of sensitive data like credit card information. However, most companies did not suffer a long-lasting impact on their business.
So, is your enterprise ready to take the fight to hackers this year?