July 18, 2016

What is the Average Cost of a Data Breach in 2016?

 

Data breaches are now considered to be a standard business cost… and one that keeps going up, according to the 2016 Cost of Data Breach Study by Ponemon and IBM.

The annual study, which was conducted with companies in a dozen countries including the U.S. and the U.K., showed that in just two years, the average cost of a data breach increased 29%.

In 2015, the average cost paid for each lost or stolen record was £102, while the average total cost of a data breach increased to £2.53 million from £2.37 million in 2014.

The significant cost factors of a data breach that the study identified

Records: A ‘compromised’ record identifies the person whose confidential information has been lost or stolen. All the participating organisations had a data breach affecting between approximately 3,000 and slightly more than 101,500 compromised records. The study estimated a 26% probability of a data breach involving 10,000 lost or stolen records within the next two years.

Lost Business: The biggest financial outcome of a data breach is loss of business. This is due to abnormal turnover of customers, increased customer acquisition activities, reputation losses, and reduced goodwill.  

Timing: The time it takes to identify and contain a breach affects the cost. The research showed it took significantly longer to identify and contain breaches caused by malicious attacks and criminal attacks (51% of breaches) than those caused by human error (24% of breaches) or a system glitch (25%).

Customer Churn: Customer churn is the number of customers a company loses – and this often happens after a data breach. The study showed that loss of customers increased the cost of a data breach, and some sectors are more likely to experience churn. In general, the churn rate is highest in financial and life science organisations.

What can organisations do to better safeguard confidential information and even reduce the cost of a data breach in 2016?

  • Implement an incident response team (the study showed this can reduce the cost of a data breach by £12 per record).
  • Use encryption for all sensitive data on hard drives.
  • Provide ongoing security training for mobile and office-based employees. Lost or stolen devices increased the cost of a data breach in the study.
  • Participate in threat-sharing programmes.
  • Utilise business continuity management (BCM) to identify – and address – the risk of threats.  
  • Appoint a Chief Information Security Officer (CISO).
  • Evaluate third parties and other partners for their information security practices.
  • Use a comprehensive document management process so confidential information is protected, from creation to disposal.
  • For a fully protected workplace, partner with an expert that provides secure document destruction and hard drive destruction.    

Secure workplace policies are key to protecting an organisation’s confidential information.  Learn how to protect yourself and your organisation.