Why the Cost of Global Data Breach Increased Significantly

On average, companies around the globe are spending $3.5 million to respond to a data breach, according to Ponemon Institute.

The average consolidated total cost of a data breach increased 15 percent in the last year to $3.5 million, according to a study of 314 companies spanning 10 countries by Ponemon Institute. The study also found that the cost incurred for each lost or stolen record containing sensitive and confidential information increased more than nine percent to a consolidated average of $145.

The research involved the collection of detailed information about the financial consequences of a data breach. For purposes of this research, a data breach occurs when sensitive, protected or confidential data is lost or stolen and put at risk.

This year’s Cost of Data Breach Study also provides guidance on the likelihood an organization will have a data breach.

Key takeaways

  • The most costly breaches occurred in the U.S. and Germany at $201 and $195 per compromised record, respectively. The least expensive data breaches were in India and Brazil at $51 and $70, respectively.
  • Root causes of data breaches differ among countries. Countries in the Arabian region and Germany had more data breaches caused by malicious or criminal attacks. India had the most data breaches caused by a system glitch or business process failure. Human error was most often the cause in the UK and Brazil.
  • A strong security posture was critical to decreasing the cost of data breach. On average, companies that self-reported they had a strong security posture were able to reduce the cost by as much as $14 per record.
  • The involvement of business continuity management reduced the cost of data breach by an average of almost $9 per record.
  • The appointment of a Chief Information Security Officer (CISO) to lead the data breach incident response team reduced the cost of a breach by more than $6.
  • The greatest threats to the companies in this study are malicious code and sustained probes.
  • Only 38 percent of companies have a security strategy to protect its IT infrastructure. A higher percentage (45 percent) has a strategy to protect their information assets.

Add new comment