The number of data breaches is on the rise, and so is the cost per breach. It has grown to $4 million in the past year, up more than 30% from 2013, according to a new Ponemon and IBM study.
“Data breaches are now a consistent cost of doing business in the cybercrime era,” says Larry Ponemon, chairman and founder of the Ponemon Institute. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”
On average, companies lose $158 per stolen record. That’s $4 more than in 2015. And in the healthcare industry things look even worse – a compromised record can actually cost a company about $355.
This is a reminder that hospitals store troves of valuable personal information. On the black market, personal medical records are the new currency. They are 10 times more expensive than credit cards, according to Experian. That’s partially because stolen data often includes Social Security numbers that can be used in identity theft.
“Malicious actors want as much intelligence as they can get, and health care is the easiest attack surface for seasoned and non-seasoned hackers,” says James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology (ICIT) in Washington D.C.
When it comes to who pays the most, the US ($221) and Germany ($213) have the highest costs, while the lowest are in Brazil and India. Detection, forensic and investigative activities, assessment and audit services and crisis team management account for the bulk of those expenses.
Most data breaches were caused by malicious or criminal attacks, according to the survey. In the UK specifically, 51% of companies are most likely to experience a data breach caused by a cyber-attack, rather than by a system glitch or business process failure.
The study also found that the average time to identify a breach was 201 days, while the average time to contain it was 70 days. Needless to say, the benefits of responding quickly translate into significant amounts of money. Companies that have managed to identify the intrusion in the first 100 days saved up to $1 million.
“While the risk is inevitable, having a coordinated and automated response plan, as well as access to the right resources and skills, will make or break how much a company is impacted by a security event,” Ponemon adds.
To decrease the cost of a data breach, companies, small, medium or large, should apply these hands-on measures: