Hardly a week goes by without news related to data breaches. Over the last few months we’ve seen a massive data theft in Bulgaria, another from a Canadian bank, as well as from a British university. We also saw the outcome of two of the most notorious data breaches from last year, when British Airways and Marriott received million pound fines from the data protection authorities.
How much could a personal data breach cost you?
The Ponemon Institute has just published its annual Cost of a Data Breach Report, which reveals the average cost of a data breach, as well as the factors that can influence this cost. This year, the cost for a company that suffers a data breach has gone up once again. It now costs an average of $3.92 million (€3.52 million). The average size of a data breach is 25,575 records, and the average cost per record is $150. But what factors influence these economic losses?
According to the Ponemon Institute, 36% of the cost of a data breach comes from the loss of business stemming from loss of customer trust after a cyberincident. This is the equivalent of $1.44 million. What’s more, the more customer that are lost, the more the breach costs. A company than loses less than 1% of its customers spends $2.8 million on a data breach. If the company loses over 4% of its customers, however, the breach can cost as much as $5.7 million, 45% more than the average.
A lasting problem
The report highlights the fact that the effects of a data breach are felt for years after the initial incident. 67% of the breach costs come in the first year, 22% in the second year, and 11% three years after the incident. This year, we saw a clear example of this with the case of Equifax, which is still feeling the economic effects two years after its massive breach.
The lifecycle of a data breach—the time between a breach occurring and being contained—has grown 4.9% this year. The average time to identify a breach is 206 days, and the time to contain it is 73 days. It is perhaps not surprising that the sooner a breach is contained, the less it costs. A breach with a lifecycle of under 200 days costs $3.34 million, while one with a lifecycle of over 200 days costs $2.56 million.
The causes of the breach have an effect
Breaches caused by a malicious cyberattack are not only the most common, but also the most expensive. 51% of incidents are caused by a malicious attack, and it takes 12.5% longer to contain a breach of this kind. This is one of the reasons for the fact that a breach caused by a malicious attack costs up to 27% more than one caused by human error ($4.45 million vs. $3.5 million).
Geography and sector also have an effect on the cost of a data breach. The country with the highest costs is the United States, where the average costs is $8.19 million, or $242 per record. The industry with the highest costs is healthcare: $6.44 million for a breach and $429 per record.
There are factors that reduce the cost
In spite of all of this, there are certain actions that companies can take to reduce the costs stemming from a data breach. These actions include the extensive use of encryption—something that can save up to $360,000—and integrating security into the software development process (the so-called DevSecOps).
Another factor that can drastically reduce the cost of a data breach is to have an incident response team with a well-tested incident response plan. In fact, the combination of these two factors can reduce the cost of a data breach by up to $1.23 million.
Reduce the risks in your company
Wherever you are, and whatever industry you work in, the costs of a data breach are an expense that every company wants to avoid. And the damage goes beyond finance: a company’s reputation can also suffer a lot after a data breach.
To stop your company from experiencing these damages, it is essential that you have rigorous control over the personal data that you handle. This is why Panda Adaptive Defense has an additional module, Panda Data Control.
This module discovers and audits all the unstructured personal data on your company’s endpoints. It also generates reports and alerts in real time about unauthorized use of data, to avoid exfiltrations, and to help you to implement proactive operation and access measures in your company.
The chance of suffering a data breach in the next two years is 27.9%. With Panda Data Control you can significantly reduce that risk.
Panda Security specializes in the development of endpoint security products and is part of the WatchGuard portfolio of IT security solutions. Initially focused on the development of antivirus software, the company has since expanded its line of business to advanced cyber-security services with technology for preventing cyber-crime.
