- Kathleen Richards, Information Security
The average total cost of a data breach climbed to $4 million, from $3.79 million in 2015, according to the Ponemon Institute's "2016 Cost of Data Breach Study: Global Analysis." Released in June, the study, sponsored by IBM, is based on independent research conducted by the Ponemon Institute. The research organization surveyed 383 companies in 12 countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, South Africa -- a first-time participant -- the Arabian region (United Arab Emirates and Saudi Arabia), the United Kingdom and the United States.
All of the participating companies experienced breaches. The number of lost or stolen records with personally identifiable information -- a name and medical record, financial information or debit card -- ranged from roughly 3,000 to 101,500, the study shows. The data breach cost per compromised record increased to $158 in 2016, from $154 a year earlier.
Almost half of the breaches (48%) were caused by malicious or criminal attacks, according to the 2016 findings. These types of attacks also take longer to identify and contain, leading to a higher cost per breach. System glitches in IT or business processes (27%) and human errors by employees or contractors (25%) accounted for the remaining breaches.
The biggest data breach cost is loss of business, the study shows. The cost of losing customers is highest for U.S. companies, which lost an average of $3.97 million. That calculation includes "the abnormal turnover of customers, increased customer acquisition activities, reputation losses and diminished goodwill," according to the report.
Steps to improve data governance and extensive use of encryption, data loss prevention and data classification schemes are among the factors that can lower data breach cost. An incident response team, employee training and threat information sharing are also factors that can lower per capita cost, according to the Ponemon Institute study. Hiring a CISO is among the factors shown to decrease data breach cost.