We all know that the cost of a data breach for enterprises can be crippling. What we hoped for is that stepped-up security measures are blunting the financial impact of cyber attacks on businesses worldwide. In somewhat of a surprise, new research indicates that there's progress: The average cost per data breach globally dropped 10 percent to $3.6 million in 2017 as compared to 2016.
According to the 12th annual Cost of Data Breach study, conducted by Ponemon and underwritten by IBM Security, it’s the first time in the survey’s history that the figure has slipped. Data breaches now cost companies worldwide an average of $141 per lost or stolen record, a significant decrease from the $158 in last year’s research.
However, in the U.S., the news wasn’t quite so uplifting: The average cost of a data breach was $7.35 million, a five percent increase compared to last year.
Ponemon attributed some of the worldwide per-record price erosion to a strong U.S. dollar, but still, a drop is a drop. Nonetheless, lest we bask too much in security's strides, findings from the study show that companies are incurring larger breaches, up nearly two percent to more than 24,000 records.
Minimizing the Cost Per Data Breach
What’s the best way to drop the cost of a data breach? Pay attention to detail:
- Response: Maintaining a skilled IR team can significantly lower the cost of a data breach by more than $19 per pilfered record, the third year in a row the study’s results posted this key finding. Tactically, how quickly a breach can be spotted and contained owes mostly to having an IR team and a formal plan in place.
- Speed: The speed at which an organization can contain data breach incidents is directly tied to the financial impact. Ponemon revealed that the cost of a data breach was nearly $1 million lower on average for organizations that were able to corral a data breach in less than thirty days compared to those that took longer.
- Time: On average, organizations took more than six months to identify a breach, and more than 66 additional days to contain a breach once discovered, so there’s clearly room for improvement.
“Quickly identifying what has happened, what the attacker has access to, and how to contain and remove their access is more important than ever,” said Wendi Whitmore, global lead, IBM X-Force Incident Response & Intelligence Services.
“With that in mind, having a comprehensive incident response plan in place is critical, so when an organization experiences an incident, they can respond quickly and effectively,” she said.
Cybersecurity Research: Additional Trends
Among Ponemon’s numerous findings, here are a few more nuggets:
- Cost: Healthcare breaches cost organizations $380 per record, or 2.5 times the global average across all industries.
- Contractors: Third parties, ranging from payroll to cloud providers to CRM, increase the cost of a data breach by $17 per record, more than any other contributing factor.
- Encryption and training: Extensive use of encryption resulted in a $16 cost reduction per record, and employee training dropped the cost by $12.50 per record.
- Orchestration: Companies deploying an automated disaster recovery process with resiliency orchestration incurred an average cost per day of $4,041, or 39 percent lower than those with manual processes.
- Europe vs. U.S.: European countries saw a 26 percent decrease in the total cost of a data breach over last year's study. Compliance failures cost U.S. businesses 48 percent more than European companies, while rushing to notify cost U.S. businesses 50 percent more than European companies.