New Study Shows That the Global Cost of a Data Breach Is Up in 2018
The Ponemon Institute recently released its annual Cost of Data Breach Independent Study that was sponsored by IBM Security. This study included two new factors that impact data-breach costs: Artificial Intelligence (AI) and the all-encompassing use of Internet of Things (IoT) devices.
The analysis also factored in the cost of a “mega breach” — the breach of 1 million records or more — and also used a formula to measure the financial cost of customers’ loss of trust in a company.
According to the 2018 Cost of a Data Breach Study, around 25 percent of all U.S. data breaches were recognized as carelessness or user error. The study stated that users consistently failed to properly erase data from devices. The study also reveals that negligent breaches are about half as frequent as criminal breaches.
The rate of data breaches is rising, and they are costing companies more to manage. U.S. businesses are shelling out about $7.9 million per year to fight off and recover from data breaches.
Root Causes by the Numbers
The study made known that malicious or criminal attacks caused the most data breaches at 48 percent. 27 percent were due to human error, and 25 percent were comprised of both IT and business process failures (system glitches).
Data Breach Cost Is Up in 2018
In this year’s study, the average cost of a data breach per compromised record was $148, and it took companies 196 days, on average, to uncover a breach. Based on these averages, The Ponemon Institute determined that the per-capita cost, average cost, and overall cost have swollen in 2018.
With the U.S. leading the way at almost five times that of the global average of notification costs, the Middle East had the highest percentage of the most expensive type of data breaches: Malicious or Criminal Attacks.
Globally, here is how the numbers broke down:
The Size of the Breach Does Matter
The Ponemon Institute’s 2018 report found that the average total cost of a breach ranges from $2.2 million for incidents with fewer than 10,000 compromised records to $6.9 million for incidents with more than 50,000 compromised records.
The study also revealed that a “mega breach” (what the Ponemon Institute deems as 1 million compromised records) can cost upwards of $39.49 million. As expected, this figure goes up as the amount of breached records grows.
The Consumer Impact
According to the report’s findings, organizations globally lost customers due to data breaches in the past year. But it also pointed out, businesses that put in the effort to improve customer trust reduced that number significantly. When a Company’s senior-level leader, such as a CEO or CISO (chief information security officer) addressed customer’s security concerns and pointed to fixing the issues, businesses lost fewer customers and reduced the overall cost of the consequences of a breach.
The Effects of AI and IoT
The 2018 study, for the first time, assessed the effects of a company implementing Artificial Intelligence (AI) and the use of Internet of Things (IoT) devices. The conclusion is AI security platforms have saved companies an average of $8 per compromised record at identifying and containing breaches by incorporating machine learning and analytics. So far, just 15 percent of companies reviewed in the study said they had fully implemented AI. At the same time, businesses that comprehensively use IoT devices pay on average, $5 more for each compromised record.
How Companies Can Reduce Data Breach Costs
In total, The Ponemon Institute’s 2018 report included 477 companies. It found that the mean time to identify a breach was 197 days, while the meantime to limit a breach is 69 days.
There are, however, strategies that support businesses and work on lowering the likely cost of a data breach. This is the 13th year of The Ponemon Institute’s study, and an alarming trend has reared its ugly head. For the fourth year in a row, the study found a connection between how fast a business detects and contains a breach and the sum of the total cost when all is said and done.
The study found that, above all, preparation and vigilance is crucial. An incident response team can reduce the cost of a breach by as much as $14 for each breached file from the average per-capita cost of $148. Comparably, extensive use of encryption can cut the cost by $13 per person. What all these statistics mean is that companies can reduce the cost of a data breach and reduce the negative effects to their company simply by being prepared. Your company needs a data breach team on staff who knows what to do and how to respond should any type of breach occur.
Brian Gray, MCP, is the President at Kraft Technology Group, LLC (KTG), an affiliate of KraftCPAs PLLC. Within his role, Brian is responsible for all aspects of service delivery to our clients. Brian has a decade of experience working for managed service providers. He has worked with clients in a variety of industries, including financial services, accounting, legal, healthcare, manufacturing, and retail.