Cost of Data Breaches

Cybersecurity Professional Set Rules for Key Creation

Data breaches can cause devastating financial losses and affect an organization’s reputation for decades. To get the accurate cost on data breaches is not an easy task considering the increased cybercrime each day. There has been a 12 percent increase in data breaches over the past 5 years.

The Bigger data breaches incurring Higher Costs

The statistic, as per IBM and the Ponemon Institute’s annual “Cost of a Data Breach” report, will likely be one of the most alluded across the cybersecurity landscape when it comes to putting a price tag on the costs associated with a breach. This report analyses the cost of data breach reported by 507 organizations across 16 geographies and 17 industries and highlights the average total cost of a data breach as USD 3.92 million. The average size or data breach recorded is 25575 records which are an increase of 3.9 percent as compared to previous year records.

Below is the list of countries which have suffered financial losses due to data breaches:

United States-$8.19 million

Germany-$4.7 million

United Kingdom- $3.7 million

Japan-$3.4 million

South Africa- $2.9 million

Australia- $2.5 million

India-$1.8 million

Brazil- $1.2 million

“The answer ultimately depends on the country and industry but in general, can span anywhere from $1.25 million to $8.19 million.” says digitalgaurdian

Data breaches are getting more expensive with their increased range. It is analyzed globally; that fewer than 30% of organizations are likely to suffer at least one breach over the next 24 months.

How can you calculate the cost of a data breach? 

To calculate the average cost of data breach, both direct and indirect expenses incurred by the organizations are collected. Direct expenses include engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions and discounts on upcoming products and services. Indirect cost includes in-house investigations and communication, as well as the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates. Calculation of the components of the cost of a data breach depends on the below factors-

  • the unexpected and unplanned loss of customers following a data breach.
  • Number of records lost or stolen during the incident
  • Time taken to “Identify and Contain” a data breach incident
  • Detection and escalation of the data breach incident
  • Costs of recovery associated with the incident

The cost of a data breach can also be calculated by various tools, such as the IBM Security tool.

IBM has also published a Global report on the Cost of Insider Threats for 2020. In the context of this research, insider threats are defined as:

  1. A careless or negligent employee or contractor
  2. A criminal or malicious insider
  3. A credential theft

Strategies to be used to reduce data breach costs

Organizations around the world lost customers due to data breaches in the past year. However, businesses that worked to improve customer trust reduced the number of lost customers — thereby reducing the cost of a breach. When they deployed a senior-level leader, such as a chief privacy officer (CPO) or chief information security officer (CISO), to direct customer trust initiatives, businesses lost fewer customers and, again, minimizing the financial consequences of a breach.

Additionally, organizations that offered data-breach victim’s identity protection kept more customers than those that did not. The report by Ponemon thoroughly breaks down every angle of a data breach and at one point, digs into how having mitigations in place, like an incident response team or encryption, can reduce the cost of a breach. According to IBM/Ponemon, by having both in place a company could potentially reduce the cost of a breach by $720,000.

The good news over the data breach issue is the presence of strategies to help businesses lower the potential cost of a data breach. For the fourth year running, the study found a correlation between how quickly an organization identifies and contains a breach and the total cost.

The study found that an incident response team can reduce the cost of a breach by as much as $14 per compromised record from the average per-capita cost of $148. Similarly, extensive use of encryption can cut the cost by $13 per capita.

These results are debatable, as we may never fully understand the true figures. It is still unknown how many data breaches go unreported or undetected. However, high-profile cyberattacks are on the increase, and the associated financial costs are skyrocketing.