Last month we found out the results of the investigation into the Cambridge Analytica and Facebook scandal in the UK. The social network has received a fine of £500,000, a paltry sum in comparison with its annual turnover, and also in comparison to the fine it could have faced within the framework of the GDPR. However, economic sanctions imposed by data protection bodies are not the only costs stemming from a data breach.
A report carried out by the Ponemon Institute has shown that the average cost of a personal data breach is 3.86 million dollars, a 6.4% increase compared to last year. Within this cost are expenses such as detecting the breach, carrying out an investigation, informing the pertinent authorities, legal services, and public relations. To all of this we also need to add the loss of client trust, another element that can damage a company’s finances.
The average size of a breach of this type has also increased, something that has contributed to the increase in costs, since, according to the study, the more records that are lost, the more expensive the breach is. For example, a breach of under 10,000 records has an average cost of $2.1 million, while a breach of 50,000 records costs $6.5 million.
The study was carried out before the GDPR came into effect. However, it predicts that the European regulation will mean a huge increase in the average cost of a breach of personal data, since the maximum fine can be 4% of annual turnover or up to €20 million, a considerably larger sum than the current average.
The cost depends on the type of attack
Three different causes of data breaches are identified in the report: criminal or malicious attacks (48% of cases), human error (27% of cases) and system glitches (25% of cases). The most expensive case was criminal attacks, with an average cost of $157 per record. This can be put down to the fact that these incidents are more difficult to detect, and even after being detected, take longer to contain. In comparison, a breach caused by human error has an average cost of $128 per record.
Other factors can also cause the cost of an incident of this type to vary. For example, the geographical location of the company – the cost rises to 7.91 million dollars in the USA, and goes down to 1.24 million in Brazil. The speed with which the breach is contained also plays an important role. If the breach can be contained within 30 days, the cost is reduced to $3.09 million, whereas if it takes over 30 days, the cost rises to $4.25 million.
These days, with the proliferation of the Internet of Things (IoT), it may come as no surprise that the use of mobile devices has an effect on the cost of a data breach. Extensive use of this kind of device can add $10 per record to the cost of a breach, while the loss of a device adds $6.5.
How can you save your company the costs related to data breaches?
The most important thing when it comes to mitigating the risks related to this is to be extremely careful with how personal data is handled. It’s vital to know where data is stored and to know who has access to it. With Panda Data Control you can discover and audit unstructured personal data on endpoints: from data at rest, to data in use and data in motion. This module of Panda Adaptive Defense generates reports and alerts in real time about unauthorized use of data, to avoid exfiltrations, and to help you to implement proactive operation and access measures in your company.