Ponemon 2015 Cost Of Data Breach Study

Larry Ponemon surveys companies every year to see how the cost of dealing with breaches is trending.  This year's study shows, among other things, that it costs companies an average of $217 per record breached.  That means, on average, a small breach of, say, 10,000 records still costs $2 million.  If you assume his numbers are high, half of that is still $1 million.  Absent insurance, that is a large check to write.

Statistics from the report (see here, registration may be required) include:

  • Cost per record breached has been around $210 +/- 5% since 2008.  While it is good that the cost per record is not going up, total records last year were over 1 billion, so that is still a large check for people to write.
  • Average total organizational cost is also basically flat since 2008 – in the $5 mil to $7 mil range per breach.  This number is trending up a little bit over the last 4 years (up $1 mil from 2012, but down from the very highest year, 2011, which was $7.24 mil).
  • Cost per record does vary by industry.  Healthcare was the highest at $398 per record; public sector the lowest at $73 (the public sector is likely the lowest because you cannot sue city hall – at least not successfully).  Other sectors were in the middle – financial at $259, services at $219,  industrial at $190 and retail at $189, for example.
  • 49% of breaches were caused by a malicious attack and 32% were caused by system or business process failures.  The rest were attributed to human error (19%).
  • Factors that influence the average cost per breached record include having an incident response team – $23.8 less, using encryption throughout – $19 less and board involvement – $9.8 less.  On the other hand, lost and stolen devices add $12, and third-party involvement adds $29.
  • Churn (loss of customers) has a very big effect on average total cost.  For companies with less than 1% churn, the average total cost is $5.5 mil; for companies with more than 4% churn, the average cost is $12.7 million – more than double.

The report has many other statistics; these are just a few of the highlights.  Please click on the link above to see the report.
