The cost of a data breach? $214 per compromised record and averaged $7.2 million per data breach event, says the Ponemon's U.S. Cost of a Data Breach report.
It’s not only direct costs of a data breach, such as notification and legal defense costs that impact the bottom line for companies, says Dr. Larry Ponemon, but also indirect costs like lost customer business due to abnormal churn.
According to this year's study:
Rapid response to data breach costs more. For the second year, companies that quickly respond to data breaches pay more than companies that take longer. This year, they paid 54 percent more.
Malicious or criminal attacks are causing more breaches. This year malicious attacks were the root cause of 31 percent of the data breaches studied. This is up from 24 percent in 2009 and 12 percent in 2008. The significant jump in malicious attacks over the past two years is certainly indicative of the worsening threat environment, Dr. Ponemon says. Malicious attacks come from both outside and inside the organization, ranging from data-stealing malware to social engineering.
Companies are more proactively protecting themselves from malicious threats. Three response characteristics increased in frequency: the number of organizations responding quickly (within 30 days), those putting CISOs in charge of data breach response, and those with an above-average IT security posture. Moreover, breaches due to systems failures, lost or stolen devices and third-party mistakes all fell. And, average detection and escalation costs went up by 72 percent, suggesting that companies are investing more resources in prevention and detection. Taken together, these figures may indicate organizations are taking more active steps to thwart hostile attacks, he says.