According to the Ponemon Institute 2016 Cost of Data Breach Study (sponsored by IBM), the total cost a company should expect to spend in response to a data breach has once again increased both globally and in the United States. The average cost paid for each lost or stolen record containing sensitive and confidential information is also on the rise.
Globally, the average total cost of a data breach for the 383 companies participating in the study increased from $3.79 million to $4 million. The average cost for each lost or stolen record containing sensitive and confidential information increased from $154 in 2015 to $158 in this year’s study. In the United States, the average total cost of a data breach for the 64 companies participating in the study increased from $6.53 million to $7.01 million. The average cost for each lost or stolen record containing sensitive and confidential information increased from $217 in 2015 to $221 in this year’s study.
The IBM-Ponemon study also found that data breaches are most costly in “regulated industries,” such as health care and financial services because of “fines and the higher than average rate of lost business and customers.” In fact, the health care industry reported the highest average cost per lost or stolen record at $355 globally and $402 in the U.S.
As the costs associated with responding to a data breach continue to rise, organizations should continue to take proactive steps to protect sensitive and confidential information. At the same time, organizations (especially in heavily regulated industries), must understand that effectively responding to a data breach is not cheap. Here in the U.S., experiencing a data breach is especially costly as the U.S. had both the highest average total organizational cost and the highest average per capita cost amongst the 12 countries (Australia, the Arabian region (Saudi Arabia and United Arab Emirates), Brazil, Canada, France, Germany, India, Italy, Japan, South Africa, United Kingdom, and United States) participating in this year’s study.
These statistics are not meant to scare you—they are meant to prepare you! We have helped our clients prepare for and respond to data breaches by:
- developing incident response plans, vendor management programs employee, and board of director training;
- reviewing cyber insurance policies and credit monitoring and identity theft protection options;
- hiring outside forensic and threat intelligence experts, call and mailing centers and PR firms;
- handling data breach notification obligations;
- handling subsequent government investigations and litigation; and
- MUCH MORE!
We provide our clients a variety of resources. We track data breach laws, provide multidisciplinary resources, such as the Midwest Cyber Security Alliance meetings, blog on current hot issues, and offer model policies, among other things, for our clients. Please contact us to help you prepare and get access to these resources.