What will a data breach cost?

by Dirk Shaw

Every business proposition is made up of risk and reward: identifying and taking advantage of a market opportunity through the deployment of capital and resources. But quantifying that risk in the digital age can be a challenge, especially when accounting for the somewhat nebulous cost of a data breach.

The Ponemon Institute’s thirteenth annual study helps to provide more clarity with its analysis, but a comprehensive understanding of that “cost” requires business leaders to consider factors such as the investment in preventative measures, regulatory and compliance requirements, and lost revenue from customer fallout.

The Institute’s data focuses primarily on the “per capita” concept, standardizing the damage done by breaches of different sizes to a single unit, but it also revealed that the average breach cost ($3.86m), the per-capita cost ($148 per record), and the average size of breaches continue to increase year over year.

Some factors, such as the region in which a breach took place, can have an outsized impact: notification costs in the US can be five times more expensive than the global average. In most cases, though, the best offense is a good defense. For the fourth year in a row, the PI showed a correlation between the total cost and how quickly an organization identifies and contains a threat, with identification and containment averaging 197 and 69 days respectively. This preparedness is vital: Incident Response Teams can reduce costs by $14 per record, and substantial use of encryption can save another $13 per record.

A speedy response time can play a major role in the extent to which customers view these events as a breach of trust, as a loss of 1-4% of customers resulted in an average revenue hit of $2.8-$6m. Prompt messaging, above and beyond regulatory requirements, can help undo the damage perceived by customers, rebuilding relationships with those who otherwise might feel they were kept in the dark.

For the first time, this year’s study explored the impact of organizations adopting automated AI in their security systems, which saves an average of $8 per record. Ultimately, the cost of a breach is made up of many factors, but a balanced set of strategies to manage the factors within one’s control can significantly lessen the overall cost of a breach, reducing business risk along the way.
