Recently, IBM and Ponemon Institute released their 2019 Cost of Data Breach Report. The statistics presented were based on interviews with 3,211 people working in more than 500 organizations (large and small). A ton of cost factors were taken into account to produce these stats, including legal fees, customer turnover, technical activities, and loss of brand equity. Since IBM and Ponemon Institute have been conducting this research and producing this report annually for the last 14 years, we now have historical data to draw from to discover the trends.
Here are the big numbers:
- Average total cost of a data breach = $3.92 million
- Average size of data breach = 25,575 records
- Time to identify and contain data breach = 279 days
Let’s talk about the root causes of a data breach. There were two major types at the forefront. Malicious cyber attacks are the most expensive and most common type of data breach, with data compromised through human error being the second most costly type. New organizational characteristics also impact the cost, including operational technology (OT) environments, the complexity of security environments, and the process of closely coordinating development, security, and IT operations functions (DevSecOps).
The research identified four major cost components. These process-related activities drive a range of expenditures and are associated with an organization’s data breach detection, response, containment and remediation.
4 major cost categories:
- Detection and Escalation: Activities that enable a company to detect the breach and report it to appropriate personnel.
- Notifications: Activities that enable the company to notify regulators and the individuals whose data was compromised in the breach.
- Post Data Breach Response: Processes that are set up to help customers communicate with the company, such as call centers, as well as costs associated with redress and reparation.
- Lost Business: This is the biggest contributor to data breach costs. The average cost of lost business for organizations in the 2019 study was $1.42 million, which represents 36 percent of the total average cost of $3.92 million.
Other useful conclusions concern the odds of experiencing a data breach in the future. The short answer is, they’re increasing… Organizations today are nearly one-third more likely to experience a breach within two years than they were in 2014.
There are concrete ways to mitigate the costs and risks of a cyber attack while improving security posture. Incident response teams and the testing of incident response plans are high up on the list, as are the following activities:
- Discover, classify and encrypt sensitive data and identify database misconfigurations.
- Invest in technologies that help improve the ability to rapidly detect and contain a data breach.
- Invest in governance, risk management and compliance programs.
- Beware of IT complexity and disconnected security solutions.
An intelligent SIEM solution can check many of the boxes an organization needs to mitigate the risks of a cyber attack while streamlining the tools and processes they’re paying for in order to be more secure. Managed Security Services from Volta helps organizations gain comprehensive visibility, detect known and unknown threats, and continuously improve upon that detection. We can also act as an incident response team by supplementing IT security talent. Contact Volta for more information.