For the last eleven years the Ponemon Institute has conducted a study of the cost impact of data breaches on organizations worldwide. The latest study, conducted in partnership with IBM Security and published in 2016, reports on data breaches in 383 organizations across 16 industries and 12 countries. In addition to cost data, the global study summarizes seven megatrends observed over the years the study has been conducted:
1. Since the research was first conducted, the cost of a data breach has not fluctuated significantly. This suggests that it is a permanent cost that organizations need to be prepared to deal with and incorporate into their data protection strategies.
2. The biggest financial consequence to organizations that experienced a data breach is lost business. Following a data breach, organizations need to take steps to retain customers' trust to reduce the long-term financial impact.
3. Most data security breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record.
4. The longer it takes to detect and contain a data security breach, the more costly it becomes to resolve. The study shows that, over the years, detection and escalation spending has increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain.
5. Regulated industries, such as healthcare and financial services, have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
6. Improvements in data governance programs reduce the cost of a data breach. Incident response plans, appointment of a CISO, employee training and awareness programs and a business continuity management strategy continue to result in cost savings.
7. Investments in data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year’s study revealed a reduction in the cost when companies participated in threat sharing and deployed data loss prevention technologies.
We've summed up some of the study's key findings in this infographic:
To download the 2016 Cost of Data Breach Study, click here.
Phillip Bandy is ShareVault’s chief information security officer (CISO) and is responsible for establishing security standards and controls, guiding the implementation of security technologies, and managing the establishment and implementation of security policies and procedures. He is an expert in computer incident response and has implemented computer security controls for NASA’s Mission Control.