By Michelle Drolet
Founder & CEO
Ms. Drolet is responsible for all aspects of business for Towerwall. She has more than 24 years of,
January 30, 2018
The 2017 Cost of Data Breach Study from the Ponemon Institute, sponsored by IBM, puts the global average cost at $3.6 million, or $141 per data record. That’s a reduction from the average cost in 2016, but the average size of data breaches has increased. It’s also worth noting that the average cost of a data breach in the United States is much higher at $7.3 million.
You can use the data breach calculator to arrive at a good estimate for your business. It lets you factor in not just location and industry, but also pertinent extras such as compliance considerations, third-party involvement, insurance protection, and a whole lot more.
The size of the breach is also, obviously, an important factor in determining the overall cost. For a breach that results in fewer than 10,000 records being compromised, the average total cost is $1.9 million, but for 50,000 or more that rises to $6.3 million.
As the General Data Protection Regulation (GDPR) comes into effect in May, the cost of non-compliance could be about to skyrocket. It’s also worth remembering the potential for reputational damage to cause a downswing in any company’s fortunes. An interesting assessment of British telecoms company TalkTalk by Alva shows the impact of data breaches on reputation, and highlights how reputational risks grow more damaging when they aren’t successfully managed.
Breaches will happen, but how you act to mitigate them has a very real impact on the bottom line. While the initial data breach is certain to cost money to fix, things get a great deal more expensive when they’re mishandled. For example, Equifax made a bad situation a lot worse by delaying disclosure, misdirecting potential victims, and failing to patch known vulnerabilities.
Putting a good security awareness program in place isn’t just a preventative measure; it also trains people in how to act when a suspected data breach does occur. Ponemon found that an incident response team can reduce the cost of a breach by up to $19 per record. If you want to keep costs down, having a solid response plan in place and taking the right action quickly is vital.
It stands to reason that the faster a data breach is uncovered and contained, the less it will cost, but most organizations still have a lot to do in this area. Ponemon found the average time to identify was around 191 days last year, with another 66 days on average required to contain the breach. These times could be reduced if every organization would keep up to date with NIST’s Cybersecurity Framework, keep tighter control of its data, and consider scanning the dark web for threat intelligence.
There’s no doubt that the potential cost of a large data breach should be enough to give many executives a sleepless night. But that fear should be leveraged by CISOs and other InfoSec professionals to persuade organizations to do the right thing and invest properly in cybersecurity. It might not be possible to completely prevent breaches, but the right preparation can dramatically reduce the resulting cost.
This article was originally posted in CSOOnline.