A study published by Ponemon Institute, and sponsored by IBM, purported that the average total cost of data breaches increased 15% in the last year to $3.5 million, or $145 per record containing protected information. The study included participants from 314 companies in at least 10 countries. There are a number of key facts that the study shows regarding reduction factors in the cost of a breach, as well as factors that increase the cost. The study found that appointing CISO, maintaining a business continuity management program, and developing an incident response program can reduce the cost per record of a data breach. It also discovered that, on average, over the next two years, organizations have a 22% chance of a breach of 10,000 or more records.
Change in cost per record based on organizational factors.
The study found that Only 38 percent of companies have a security strategy to protect its IT infrastructure, while 45 percent have a strategy to protect their information assets. Considering that the study also found the highest percentage of breaches was due to malicious or criminal attack, it would seem that organizations may need to rethink their budgets.
The industry where the breach occurs also has a direct affect on the cost. Heavily regulated industries, like healthcare, had the largest cost per breach. The overall average cost of the breach was $145/record.
At first glance, the report appears to address what we all already know, but I think it does a good job at pointing out some key pieces of information: Where should I spend my money? Where should I focus my efforts? Am I at risk? I believe it is worth a read.