Organizations experiencing data breaches are once again paying a higher price than the year before, according to a study conducted by the Ponemon Institute and sponsored by IBM. According to the report, the average cost of a data breach is now $4 million, up from $3.8 million in the 2015 report.
Prices for dealing with data breaches are consistently rising. According to the report, the average cost per lost or stolen record in 2016 is $158, up from $154 in the 2015 report and $145 in the 2014 study. This represents a 29 percent increase since 2013.
The average cost of a stolen or lost record varies depending on the industry involved, with lost or stolen health care records worth $355, a record high in 2016. Legal costs associated with breaches are rising as well. Forty-seven states in the United States have separate breach notification laws. Additionally, the average cost of a legal settlement after a breach in the U.S. now stands at $880,000.
When analyzing the root causes of data breaches, the study found that 48 percent of data breaches were the result of malicious attacks on an organization. According to Larry Ponemon, Chairman and Founder of the Ponemon Institute, “these breaches also take the most time to detect and contain. As a result, they have the highest cost per record.” Much damage can be done before the breach is even identified. The report found that the average time to identify a breach now stands at 201 days.
What can be done?
The report recommended that organizations have a response team at the ready. Ponemon noted that “Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches.” According to the report, by putting some prevention plans in place, organizations can experience significant cost savings. The process can effectively be streamlined, saving time and money.