There are 6.03 million reasons for organizations to protect
their databases from cyber-attacks. The 2016 Cost of Data Breach Study (the
"Study"), produced by IBM and the Ponemon Institute, serves as a sharp reminder
for organizations to continue to bolster their data security
initiatives. According to the Study, the average cost of a data
breach is up 12.5% over the past year, from $5.32 million to $6.03
million. Adding to the concern, there is a 26% chance of a material
data breach involving at least 10,000 lost or stolen records
occurring within the next 2 years.

The Study examined the costs sustained by 24 Canadian companies
from 11 different sectors over a 12-month period. Organizations
that suffered a catastrophic number of breached records (more than
100,000 lost or stolen records) were omitted from the Study in an
effort to provide representative results. This means, for example,
that the massive data breach suffered by Ashley Madison was not accounted for in this

Some key findings:

The average number of breached
records among the participating companies was 21,200, at an average
cost of $278 per lost or stolen record.

Malicious and criminal activity is
the leading cause of data breaches – accounting for 54% of
all breaches. Such activity takes the most time to detect and
contain: an average of 239 days, a sharp contrast to the 170 days
for breaches caused by human error. Unsurprisingly, the Study
confirmed that the longer it takes an organization to identify and
contain a breach, the more costly the breach becomes.

Data breaches caused by extensive
migration to the cloud, third party errors, or lost or stolen
devices lead to well above average costs of $300.05 per lost or
stolen record. These costs include both indirect expenses –
which include the amount of time, effort and other organizational
resources spent on resolving the breach – and direct

One of the most significant financial
impacts for organizations that have suffered a data breach is the
resulting loss of business. This category
includes abnormal customer turnover, increased customer acquisition
activities, reputation losses, and diminished goodwill. Loss of
business alone makes up more than 37% of the total cost incurred as
a result of a breach. On average, a data breach costs an
organization $2.24 million in lost business.

However, not all is doom and gloom. The Study identified certain
factors that reduced the cost of a data breach. Organizations that
had incident response teams and plans, employee training programs,
board-level involvement and participation in threat sharing, and
used extensive encryption decreased costs by as much as $25 per
lost or stolen record, reducing the average cost per lost or stolen
record to $253. While organizations have always been well aware of
the qualitative reasons to prevent data breaches, the Study helps
quantify the importance of investing in preemptive
measures that reduce vulnerability and mitigate costs if breaches

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.