TRAVERSE CITY — The average cost of an institutional data breach rose 15 percent in 2013 to $5.5 million, according to the ninth annual Cost of Data Berach Study Global Analysis, released by the Ponemon Institute, a Traverse Ctiy-based IT research organization.
Sponsored by IBM, the study of 314 companies spanning 10 countries also found that the cost incurred for each lost or stolen record containing sensitive and confidential information increased more than 9 percent to a consolidated average of $145.
The research involved the collection of detailed information about
the financial consequences of a data breach. For purposes of
this research, a data breach occurs when sensitive, protected or
confidential data is lost or stolen and put at risk.
Ponemon conducted 1,690 interviews with IT, compliance and
information security practitioners representing 314 organizations
in the United States, the United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India and, for the first time, the Arabian region (a consolidation of organizations in the United Arab Emirates and Saudi Arabia).
“The goal of this research is to not just help companies
understand the types of data breaches that could impact their
business, but also the potential costs and how best to allocate
resources to the prevention, detection and resolution of such an
incident,” said Ponemon Institute chairman and founder Larry Ponemon.
This year’s study also provides guidance on the likelihood an organization will have a data breach.
Key results from the study were as follows:
* The most costly breaches occurred in the U.S. and Germany at
$201 and $195 per compromised record, respectively. The least
expensive data breaches were in India and Brazil at $51 and $70,
respectively.
* The causes of data breaches differ among countries. Countries
in the Arabian region and Germany had more data breaches
caused by malicious or criminal attacks. India had the most data
breaches caused by a system glitch or business process failure.
Human error was most often the cause in the UK and Brazil.
* The most costly data breaches were those caused by malicious
and criminal attacks. The U.S. and Germany paid the most at
$246 and $215 per compromised record, respectively. These
types of data breaches were least costly for companies in India
and Brazil at $60 and $77 per compromised record, respectively.
* A strong security posture was critical to decreasing the cost of
data breach. On average, companies that self-reported they had
a strong security posture were able to reduce the cost by as
much as $14 per record.
* The involvement of business continuity management reduced the cost of data breach by an average of almost $9 per record.
* The appointment of a Chief Information Security Officer (CISO)
to lead the data breach incident response team reduced the cost
of a breach by more than $6.
“Clearly, malicious insiders and criminal attacks are a growing
concern for businesses, especially when we consider how
persistent data has become in the age of cloud and mobility,”
said Kris Lovejoy, general manager of IBM’s Security Services
Division. “A data breach can result in enormous damage to a
business that goes way beyond the financials. At stake is
customer loyalty and brand reputation.”
Consistent with previous studies, the most common cause of a data breach is a malicious insider or criminal attack. We asked companies what worries them most about security incidents. Following are some of the key findings:
The greatest threats to the companies in this study are malicious
code and sustained probes.
The study found only 38 percent of companies have a security strategy to protect its IT infrastructure. A higher percentage (45 percent) has a strategy to protect their information assets.
Companies estimate that they will be dealing with an average of
17 malicious codes each month and 12 sustained probes each
month. Unauthorized access incidents have mainly stayed the
same and companies estimate they will be dealing with an
average of 10 such incidents each month.
Download the complete report at www.ibm.com/services/costofbreach.