IBM recently sponsored a report by the Ponemon Institute which incorporated 350 companies from 11 countries over a ten-year period in order to gauge the cost of data breaches on average during that time. The results were staggering. The researchers have found that theft, corruption, or misuse of even a small portion of enterprise data can have serious consequences and financial impact, and that the average cost of a data breach was $3.8 million in 2015 — a 23% increase from the previous year. This worked out to an average cost of $154 per record breached, an enormous amount when you think about the astronomical number of records kept by the average firm these days.
Companies at Risk for Even Higher Data Breach Costs
The average cost of a data breach found in the study does not apply to mega breaches that affect millions of customers, as discussed in an article on Reuters. Large data breaches in companies such as Target, Home Depot, and JPMorgan Chase are typically far more costly than $3.8 million. Target’s 2014 data breach is reported to have cost the company $148 million.
Apart from these mega-breaches affecting huge retailers and service companies, the Ponemon Institute study found that there was great variance in the cost of data breaches across industries. The healthcare industry has the greatest risk for high-cost data breaches. The average cost of a lost or stolen healthcare record was as high as $363 — more than twice the average cost of data breach per record in all sectors combined.
Factors Contributing to the High Cost of Data Breach
In many cases, we hear about data breaches, but there is not necessarily a resulting direct impact on consumers in the form of unauthorized charges or identity theft causing the company to reimburse them. So what then results in these increasingly higher costs for dealing with these data breaches?
In its 2015 Cost of Data Breach Study: Global Analysis, the Ponemon Institute states that 3 major factors contributed to higher costs of data breach in 2015:
- More frequent cyber attacks and higher costs to remediate: Cost of data breaches resulting from malicious criminal attacks increased to an average of $170 from $159 per record, and criminal attacks represented 47% (up from 42%) of data breach root causes. Remediation costs can include hiring experts to repair the breach, establishing hotlines for customers, and providing credit monitoring for customers.
- Increased costs associated with detection and escalation: These costs, which include assessment and audit services, forensic and investigative actions, and crisis team management, increased from an average of $.76 million to $.99 million per data breach.
- Lost business consequences of a data breach: Lost business is potentially the most severe financial consequence of a data breach. The total average cost increased from $1.33 million to $1.57 million.
Legal Help for Businesses after a Data Breach
Our experienced attorneys at McCuneWright LLP have a successful track record on behalf of our clients in complex litigation matters. If your business has suffered a data breach, we can provide the sound legal guidance and outstanding representation you need. Contact us for a free and confidential consultation.