The average cost of damages caused by a data breach in the U.S. now totals $6.5 million, according to research provided by the Ponemon Institute.
Over the last several years, there has been a great change in how the public perceives cyberthreats and their influence on the economy. This shift may have been influenced most by North Korea’s alleged cyberattack on Sony Corp. Today, the threat of targeted cyberattacks is increasing on both a macro and micro level. This report helps shed light on the monetary damages associated with small- to medium-sized attacks on enterprises.
Ponemon’s study focuses on attacks in which fewer than 100,000 records were stolen during the survey period, meaning that major breaches like those connected to Sony, Target and Home Depot would not be included.
The idea is to get an impression of the monetary damage incurred by cyberattacks on a base level that is not skewed by extreme or unique cases.
By measuring the effect of cyberattacks on 62 individual victim companies from 16 different market sectors, the study accounts for the costs brought on by actual/reported data loss incidents. The $6.5 million worth of 2015 damages represents a $600,000 increase in just the last year. In addition, the average cost for each lost or stolen record containing sensitive and confidential information increased from $201 to $217.
The average total cost of a data breach grew by 11 percent year-over-year and the average per capita cost rose by 8 percent. Of the $217 per compromised record price point, only $74 is used to directly resolve the data breach via investments in technologies and/or legal fees, according to the Ponemon Institute report. The other $143 pertained to other indirect costs, such as abnormal turnover and a greater than expected loss of customers.
Here are a few other key takeaways from the report:
Beware of crime: 49 percent of incidents involved a malicious or criminal attack
Education can only do so much: 19 percent of breaches were caused by negligent employees
Sometimes it’s just bad luck: 32 percent of breaches involved system glitches and/or IT/business process failures
Malicious attacks are the worst: Companies that had a data breach inspired by malicious or criminal attacks had a per capita data breach cost that was much higher than in other situations
Heavily regulated industries are big targets: healthcare, pharmaceutical, financial, energy, transportation, communications and education were found to have a per capita data breach cost substantially above the overall mean of $217 per lost record
Corporate cybersecurity is expensive: Average detection and “escalation” costs increased dramatically from $420,000 to $610,000 year-over-year. In 2015 the average notification cost also increased from $510,000 in 2014 to $560,000. In addition, the cost of mitigating the attacks also rose: from $1.60 million in 2014 to $1.64 million in this year’s study.