Latest Stats on How Much Data Breaches Really Cost

With cybercriminals increasingly targeting medical records and financial data around the globe, companies are finding the average cost of a data breach has been skyrocketing — and now tops $3.8 million on average, according to a recent study.

Ponemon Institute, a data research organization, announced Wednesday (May 27) that the $3.8 million tally represents a 23 percent increase over levels seen two years ago.

The study, which included responses from 350 companies that experienced breaches spanning 11 countries, found that average costs for each compromised record marked by sensitive information, whether lost or stolen, was up 6 percent to $154 from $145. Perhaps not surprisingly, health care stands as the industry with the highest data breach costs, with an average cost per record of as much as $363. The retail industry, where marquee names have borne repeated attacks but many smaller companies have also suffered, has seen its average cost per stolen record grow from $105 in 2014 to $165 this year.

The average costs cited do not take into account what would be termed “mega breaches,” which impact millions of customers, and which have been among the more high profile cyber attacks of the past few years, such as those suffered by JPMorgan and Target. The impact of those data assaults can run into the hundreds of millions of dollars.

“Based on our field research, we identified three major reasons why the cost keeps climbing,” said Larry Ponemon, chairman and founder of Ponemon Institute, in a release documenting the study’s findings. “First, cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents. Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management.”

Costs include fixing the breach itself, which may require hiring experts, and monitoring credit of those affected by the breach, the study found. And there is also the hidden cost of lost business in the wake of compromised data. The U.S. and Germany spent the most of all the reporting nations to resolve a malicious or criminal attack, at a respective $230 and $224 per record, Ponemon found.

Hackers and criminal insiders cause the most data breaches, Ponemon also discovered. In its report, Ponemon reported that 47 percent of all breaches in the most recent study were caused by malicious, or criminal attacks. The average cost per record to resolve such an attack is $170. In contrast, system glitches cost $142 per record and human error or negligence is $137 per record.

To check out what else is HOT in the world of payments, click here.


Latest Insights:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. In the November 2019 AML/KYC Report, Zillow’s Justin Farris tells PYMNTS how the platform incorporates stringent authentication without making the onboarding and buying experiences too complex.

Click to comment