Average Cost of Data Breach: $6.5 Million, Claims Study

An annual study from IBM and the Ponemon Institute, released Wednesday the 27th of May, revealed that the average per capita cost of a data breach rose to $217 in 2015, up from $201 in 2014. The average total cost, meanwhile, has gone up to a staggering $6.5 million, up from $5.8 million in 2014.

In the United States alone, 62 companies across 16 different industries experienced the loss or theft of protected personal data, after which the victims had to be notified of the breaches.

The factors that figured in the study

The average cost per record accounts for indirect costs, which include abnormal turnover of customers, as well as direct costs, which cover the data breach itself along with legal fees and the technology investment that comes as a result of the breach. Only $74 was attributed to direct costs.

The study also proved that not all records are equal in value when stolen.

  • Health records have an average cost of $398 each.
  • Retail records have an average cost of $189 each.

Caleb Barlow, the VP of security at IBM, noted that these cost differences aren’t all that surprising, as different records can be used for different purposes.

“A credit card [that can be gained from retailers] is something that the risk of it is really from the time it’s breached until the credit card is replaced,” he said. “The half life is a very limited period of time versus a health care record that never changes. When the genie’s out of the bottle you’re not getting her back in.”

His remarks come amid the recent spate of attacks on healthcare providers that have resulted in significant numbers of health care records being breached and members’ privacy violated. He added that health care breaches could potentially have an impact on the victims for decades.

“Most of what’s occurring is through organized crime,” added Barlow. “These are well-funded groups. They work Monday to Friday. They are probably better funded and better staffed than a lot of people who are trying to defend against them.”

The study also pointed to factors that could positively and negatively influence the damages and costs of a data breach. For instance, having a ready, efficient, well-trained incident response group in an organization, as part of a wider security plan, decreased the average cost to $193.2 million. Yet there’s a way to go, as industries continue to invest only slowly in such security infrastructure. This shows in third party breaches, whose average cost has increased to $246 million.

“[Data breach planning] should be at the same level you would consider any other major business risk,” Barlow noted. “It requires the same level of planning, the same level of rehearsal and the same level of practice.”

It goes without saying that planning ahead proactively for attacks that could lead to data breaches is now a necessity.