The Ponemon Institute and Symantec recently released the 2013 Global Cost of a Data Breach study, indicating that the cost of a data breach went up from $130 per lost record to $136 per lost record. The total cost per data breach was $5.4 million in the US, the highest cost of all countries surveyed. According to the data, a lost or stolen device adds an extra $8 per record to the cost, showing that this is a trigger area that can cost companies more.
This is the 8th year of this report, which assesses the data breach experiences of nearly 300 companies in 9 countries across 15 industries, looking at mid-range breaches affecting from 1,000 to 100,000 records. According to the report, malicious or criminal attacks are the most costly causes of data breaches, often because surprise and panic push for a faster, more aggressive solution to the problem (which is more costly). The human factor (negligence) and system glitches (IT and business process failures) account for 64% of data breaches, making them the most common source of breaches. Though a lot of focus is given to external threats, the dangers from the inside continue to be insidious and costly.
This report differentiates data breach costs for the first time, indicating that Healthcare breaches are the most expensive ($233 per lost record), followed by Financial ($215) and Pharmaceuticals ($207). In many organizations, lost business costs represent the largest financial consequence of a data breach. These costs include customer churn, customer acquisition activities, and brand reputation damage, which could linger for a long period of time. The true cost of a data breach also includes intangibles such as opportunity costs affected by the breach, but these cannot be easily quantified.
We agree with Symantec on some of the basic practices to prevent data breaches or to reduce costs in the event a breach does occur. Education and the use of data loss prevention technology can go a long way toward protecting the sensitive data in your organization. If a breach occurred, costs per record were dramatically lowered by having a strong security posture, an incident response plan, and a CISO.