How Much Will a Data Breach Really Cost You?
According to the Ponemon Institute’s 2018 Cost of a Data Breach Study, the average total cost of a data breach and their frequency are both increasing.
By Stuart Beattie, Product Marketing Director | January 2019
How Much Will a Data Breach Really Cost You?
According to the Ponemon Institute’s 2018 Cost of a Data Breach Study, the average total cost of a data breach and their frequency are both increasing. And not just by a small amount, the average number of data breaches was up 6.4% since they last reported in 2017, with an average cost of $3.86 million.
Gathered from interviews with more than 2,200 IT, data protection, and compliance professionals from 47 different companies around the world who had experienced a data breach, the report also contained several other alarming statistics:
- the average total cost of a data breach has increased by $240,000
- the average cost per lost or stolen record was $148
- the likelihood of a recurring breach in the next two years has risen again to 27.9%, up from 27.7% in 2017
- reputational damage has serious financial consequences too
What does this mean for my organization?
Apart from the obvious increase in risk threat, the data breach research also undertook further investigation into some of the current ways to limit the cost, giving organizations some help and hope for the future. For the first time, they looked at the influence of cybersecurity automation and the use of IoT devices and cloud computing, which exposed two interesting facts:
- The number one factor in decreasing the per capita cost of a data breach is the incident response team, and how quickly they are equipped to deal with a breach
- The number one risk for increasing the per capita cost of a data breach is third party involvement, and the lack of a secure interface or process between your organization and theirs
Further to this, when organizations had deployed an AI platform as part of their security breach management strategy and incident response team, it saved them $8 per compromised record. Or an average saving of about $1.55 million.
Conversely, the prominence of IoT devices increased the cost of a data breach by $5 per compromised record, which was amplified even further when organizations were also involved in a major cloud migration when the data breach occurred.
How can I minimize the cost of a breach?
- Act quickly. The faster a data breach is identified and contained, the lower the cost implications are. Organizations that were able to do this within 30 days saved over $1 million. But, better still, look for IGA solutions that provide automation to shut down accounts as part of an emergency lock-out function.
- Make sure you have an incident response team that uses automation to reduce costs. Having a dedicated team to manage data breaches reduced the cost by up to $14 per compromised record, with AI saving a further $8 per record.
- Get in control of your third parties. Breaches that involved third parties equated to an increase of more than $13 per compromised record – an unnecessary risk for any organization that can be mitigated with the right user management solutions in place.
- Understand that size does matter. Quite obviously, the size of a breach and the number of records or identities it affects has a follow-on impact on how much it costs you. Make sure you have ongoing visibility over who has access to what information and why, both inside and outside your organization. Use a standardized, best practice process framework to make this task much easier to implement and govern users and their access to data across the whole organization.
- Remember that data breaches have wider-reaching impacts than just your bottom line. The cost on your reputation is hard to quantify, but you can avoid these challenges by getting in control now. Organizations with an effective detection and post-breach process suffer a lot less now, and in the future.
5 recommendations to get started
Take action to protect your organization from a data breach with these easy five steps:
- Educate your employees in good IT behaviors that will help protect your organization’s data
- Find out where your data breach risks lie – generate an overview of your organization’s users and identities and what their access rights are
- Get in control of your data by cleaning up old accounts - close down those with no owners
- Ensure you have a ‘segregation of duties’ that identifies and removes toxic combinations of access rights
- Automate how you check access rights – make sure they are validated and certified regularly
Product Sheet: Identity Security Breach Management
Best practice processes for identity security breach management including an emergency lockout which enables administrators to disable a user’s access to all on-premises and cloud-based systems.
Blog: Five Ways to Reduce the Risk of a Data Breach
What do Uber, Equifax, and Three have in common? They’ve all experienced a massive data breach in the last two years. Data breaches are on the rise and with the introduction of the GDPR last year, now’s the time to take note.