The Ponemon Institute, in partnership with IBM, has recently released the 2018 Cost of Data Breach report. It comes with a corresponding calculator that gives companies a close estimate of the possible business cost if they become the victim of a data breach or security attack. The Cost of Data Breach report is released publicly every year, enabling enterprises to see how much they would have to spend on recovery and what the overall damage would cost. It also gives a fair representation of the hidden cost of repairing the brand damage to their business portfolio in the wake of a cyber attack.
According to the report, the three categories of cost incurred by a firm after a data breach or cyber attack are damage to or loss of brand reputation, customer pull-out, and the expensive hiring of expert employees to fix the problem. The study revealed that the average cost of a security breach is $3.86 million. This figure is drawn from data on 500 organizations that suffered a data breach in the last 12 months.
A new highlight of this year’s report is its focus on the “mega breach”, a security breach in which more than one million data entries have been lost. The focus was prompted by a disturbing survey result: a total of 16 mega breaches occurred in 2017, compared to just nine in 2013.
The study emphasized that a breach on this scale may set the victim company back $40 to $100 million. Wendi Whitmore, IBM’s IRIS global lead, said: “While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified. The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
As highlighted by IBM, below are the direct quotes of key findings from the Cost of Data Breach Report:
- The average cost of a data breach of 1 million compromised records is nearly $40 million dollars
- At 50 million records, the estimated total cost of a breach is $350 million dollars
- The vast majority of these breaches (10 out of 11) stemmed from malicious and criminal attacks (as opposed to system glitches or human error)
- The average time to detect and contain a mega-breach was 365 days – almost 100 days longer than a smaller scale breach (266 days)
The Ponemon Institute has made the report inclusive, given the need to inform everyone that the status quo is not acceptable. Many parts of the report contain findings that conflict with the GDPR's strict rules:
- It takes an average of 197 days to identify a data breach and an additional 69 days to actually fix the cause of the issue.
- There is a strong indication that companies feel no rush to notify stakeholders that a data breach has occurred until they realize they can no longer keep it secret.
The report comes with good suggestions on how companies can plan ahead, to at least reduce the cost of damage if they encounter a security breach:
1. Acquire and maintain an incident response team, as this can save the firm $14 per compromised record.
2. An artificial intelligence-based cybersecurity solution lessens the cost of damages by at least $8 per compromised record.
3. A company that notifies its stakeholders about the security breach within a reasonable time saves around $5 per compromised record. It also helps to soften the negative impact on the business brand.
Dr. Larry Ponemon, the founder of the Ponemon Institute, concluded: “The goal of our research is to demonstrate the value of good data protection practices and the factors that make a tangible difference in what a company pays to resolve a data breach. While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.”