What is the cost of a data breach?

September 17, 2014
min read

In 2013, there were 1,367 confirmed data breaches and 63,437 security incidents in 95 different countries according to Verizon’s 2014 Data Breach Investigations Report. 2013 may be considered as the “year of the retailer breach” as many larger retailers had confirmed large-scale data breaches that risked its customer’s data. Target having suffered the most, and more recently Gmail, Central Utah Clicnic, JP Morgan, Home Depot, and George Mason University have all confirmed breaches.

So what is the actual cost of a data breach?On a global scale, the Ponemon institute produced some interesting results in their “2013 Cost of Data Breach Study: Global Analysis”.

The report goes into great detail in analyzing business costs associated data breaches including detection, escalation, notification, and post response expenses. It also analyzes the economic impact post breach in terms of diminishing customer trust and confidence.According to Ponemon, Germany and the US had the most expensive data breaches – with an average per capita cost of a data breach at $199 and $188, respectively.The US actually experienced the highest average total cost of data breaches with an average of $5.4 million dollars per company.In their analysis, there are seven factors that influence the cost of a data breach. These seven factors include:

  1. The company had an incident management plan
  2. The company had a relevatively strong security posture at the time of the incident
  3. The company met with CISO or an information security professional
  4. Data was not lost due to a third party
  5. The company had a quick response system for notifying victims
  6. The data breach involved stolen items or devices
  7. Consultants were engaged post breach

The three factors that increase the cost of a data breach are: Third Party Error, Lost or Stolen Devices, and Quick notification.Based on the Ponemon report, what significantly decreases the cost of a data breach are (see above): consultants engaged, CISO appointment, Incidence response plan, and a strong security posture.In addition, the report points out that there is a direct relationship between abnormal churn rate of customers (which is what is likely to happen post breach) and higher costs of a data breach. The highest lost business cost due to abnormal customer churn is an average cost of over $3.03 million, which was experienced by US companies.

To put this into perspective, it’s been nearly a year since Target had its data breach in December 2013, and the incident cost shareholders a whopping $148 million which was partially offset by insurance receivables totaling $38 million.

Preventative measures are the most significant way to reduce your risk and costs associated with a data breach. The more secure your company is, the less likely it would be for important data to be stolen – The ROI is much higher on preventative measures than believing something wont happen to your organization.