Grafvision - Fotolia

Problem solve Get help with specific problems with your technologies, process and projects.

Data breach cost: What influences it the most?

Malicious or criminal attacks take a longer time to identify and contain, research shows, leading to a higher cost per breach. We look at the numbers.

This article can also be found in the Premium Editorial Download: Information Security magazine: DevOps and security? Here's how:

The average total cost of a data breach climbed to $4 million, from $3.79 million in 2015, according to the Ponemon Institute's "2016 Cost of Data Breach Study: Global Analysis." Released in June, the study, sponsored by IBM, is based on independent research conducted by the Ponemon Institute. The research organization surveyed 383 companies in 12 countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, South Africa -- a first-time participant -- the Arabian region (United Arab Emirates and Saudi Arabia), the United Kingdom and the United States. 

All of the participating companies experienced breaches. The number of lost or stolen records with personally identifiable information -- a name and medical record, financial information or debit card -- ranged from roughly 3,000 to 101,500, the study shows. The data breach cost per compromised record increased to $158 in 2016, from $154 a year earlier.

Almost half of the breaches (48%) are caused by malicious or criminal attacks, according to the 2016 findings. These types of attacks also take a longer time to identify and contain, leading to a higher cost per breach. System glitches in IT or business processes (27%) and human errors by employees or contractors (25%) accounted for the remaining breaches.

The biggest data breach cost is loss of business, the study shows. The cost of losing customers is highest for U.S. companies, which lost an average of $3.97 million. That calculation includes "the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill," according to the report. 

Steps to improve data governance and extensive use of encryption, data loss prevention and data classification schemes are among the factors that can lower data breach cost. An incident response team, employee training and threat information sharing are also factors that can lower per capita cost, according to the Ponemon Institute study. Hiring a CISO is among the factors shown to decrease data breach cost. 

Next Steps

Can cyberinsurance reduce the cost of a data breach?

How Verizon's DBIR handles data breach estimates

What are the costs of data breach lawsuits?

This was last published in August 2016

Dig Deeper on Data security breaches



Find more PRO+ content and other member only offers, here.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Is the cost-per-record model the best way to estimate the cost of a data breach?







  • CIO Trends #6: Nordics

    In this e-guide, read how the High North and Baltic Sea collaboration is about to undergo a serious and redefining makeover to ...

  • CIO Trends #6: Middle East

    In this e-guide we look at the role of information technology as the Arabian Gulf commits billions of dollars to building more ...

  • CIO Trends #6: Benelux

    In this e-guide, read about the Netherlands' coalition government's four year plan which includes the term 'cyber' no fewer than ...