Data Breaches Cost Companies $3.8 Million, On Average, Says Study

With cyberthieves increasingly targeting medical records and financial data around the globe, companies are finding that the average cost of a data breach has been skyrocketing, and now tops $3.8 million, according to a recent study.

Ponemon Institute, a data research organization, said Wednesday (May 27) that the $3.8 million tally represents a 23 percent increase over levels seen two years ago. The study, which included responses from 350 companies in 11 countries that experienced breaches, found that the average cost for each lost or stolen record containing sensitive information was up 6 percent, to $154 from $145. Perhaps not surprisingly, healthcare stands as the industry with the highest data breach costs, with an average cost per record of as much as $363.

The retail industry, where marquee names have borne repeated attacks but many smaller companies have also suffered, has seen its average cost per stolen record grow from $105 in 2014 to $165 this year. The average costs cited do not take into account what would be termed “mega breaches,” which impact millions of customers and which have been among the more high-profile cyber attacks of the past few years, such as those suffered by JP Morgan and Target. The impact of those data assaults can run into the hundreds of millions of dollars.

“Based on our field research, we identified three major reasons why the cost keeps climbing,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute, in a release documenting the study’s findings. “First, cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents. Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management.”

Costs include fixing the breach itself, which may require hiring experts, and monitoring the credit of those affected by the breach, the study found. There is also the hidden cost of lost business in the wake of compromised data. Of all the reporting nations, the US and Germany spent the most to resolve a malicious or criminal attack, at $230 and $224 per record, respectively. Hackers and criminal insiders cause the most data breaches, Ponemon found.

Ponemon stated that 47 percent of all breaches in the most recent study were caused by malicious, or criminal, attacks. The average cost per record to resolve such an attack is $170. In contrast, system glitches cost $142 per record, and human error or negligence costs $137 per record.