Information Security

Defending the digital infrastructure


Data breach cost: What influences it the most?

Malicious or criminal attacks take a longer time to identify and contain, research shows, leading to a higher cost per breach. We look at the numbers.

The average total cost of a data breach climbed to $4 million, from $3.79 million in 2015, according to the Ponemon Institute's "2016 Cost of Data Breach Study: Global Analysis." Released in June, the study, sponsored by IBM, is based on independent research conducted by the Ponemon Institute. The research organization surveyed 383 companies in 12 countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, South Africa -- a first-time participant -- the Arabian region (United Arab Emirates and Saudi Arabia), the United Kingdom and the United States. 

All of the participating companies experienced breaches. The number of lost or stolen records with personally identifiable information -- a name and medical record, financial information or debit card -- ranged from roughly 3,000 to 101,500, the study shows. The data breach cost per compromised record increased to $158 in 2016, from $154 a year earlier.

Almost half of the breaches (48%) were caused by malicious or criminal attacks, according to the 2016 findings. These types of attacks also take longer to identify and contain, leading to a higher cost per breach. System glitches in IT or business processes (27%) and human errors by employees or contractors (25%) accounted for the remaining breaches.

The biggest data breach cost is loss of business, the study shows. The cost of losing customers is highest for U.S. companies, which lost an average of $3.97 million. That calculation includes "the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill," according to the report. 

Steps to improve data governance and extensive use of encryption, data loss prevention and data classification schemes are among the factors that can lower data breach cost. An incident response team, employee training and threat information sharing are also factors that can lower per capita cost, according to the Ponemon Institute study. Hiring a CISO is among the factors shown to decrease data breach cost. 


This was last published in August 2016
