The average cost of a Data Breach in 2017 is $3.62 million

Posted: Aug 19, 2017
According to the 2017 Cost of Data Breach Study, healthcare data breach costs are the highest among all sectors for the seventh year straight.

The annual study, conducted by Ponemon Institute and sponsored by IBM Security, reveals that the average cost of a data breach is currently $3.62 million globally, which is actually a 10% decline from 2016. However, it is not all good news: a closer look at the data reveals that the decline does not apply to all countries. For example, the cost of a data breach in the U.S. has hit an all-time high at $7.35 million, a 5% increase compared to last year.

In the U.S. alone, data breaches cost organizations an average of $225 per record compromised. Strictly regulated industries were subject to higher data breach costs, with healthcare footing the largest bill at $380 per record, more than double the global average of $141 per record across all industries. This is followed by financial services ($336 per capita), services ($274), life science ($264), and industrial ($259).

“Compliance failures” and “rushing to notify” were among the top five reasons the cost of a breach rose in the U.S., according to the report. A comparison of the data implies that regulatory activities in the U.S. could cost businesses more per record when compared to Europe, with compliance failures costing U.S. businesses 48% more than European companies, while rushing to notify cost U.S. businesses 50% more than European companies. In addition, U.S. companies reported paying over $690,000 on average for breach-related notification costs, more than double the amount of any other country.

Malicious or criminal attacks were the primary cause of data breaches in the U.S. and the most costly according to the survey, with these types of attacks accounting for 52% of all incidents. Human error and system glitches each account for 24%.

< image of pie chart – type of attack >

When it comes to data breaches, time is money

According to the study, the speed at which an organization can suppress a data breach incident has a direct impact on the financial consequences. The cost of a data breach was nearly $1 million lower on average for those organizations that were able to contain a data breach in less than 30 days.

For the third year in a row, the study found that having an Incident Response (IR) team in place further reduces the cost of a data breach, saving more than $19 per record. This is because IR teams are more likely to have a formal Incident Response plan in place and to react quickly to the incident, getting the business back on its feet while mitigating further losses.

With such significant cost savings to be made, the Cost of Data Breach Report suggests that there is plenty of room for improvement when it comes to the length of time it takes organizations to identify and respond to a breach.

Organizations must act sooner rather than later

The report serves as a reminder to businesses that they should ensure they have a business continuity program or disaster recovery plan in place.

Ponemon Institute founder and chairman said in a statement: “Data breaches and the implications associated continue to be an unfortunate reality for today’s businesses. Year-over-year we see the tremendous cost burden that organizations face following a data breach. Details from the report illustrate factors that impact the cost of a data breach, and as part of an organization’s overall security strategy, they should consider these factors as they determine overall security strategy and ongoing investments in technology and services.”

When it comes to data breaches in today’s fast-paced tech-everything society, the odds are stacked against any business, especially those who are operating in regulated industries. For those organizations leaving themselves vulnerable to an attack, it seems it is no longer a case of if a breach will happen, but rather when a breach will happen.