As the threat to businesses becomes increasingly virtual, companies are stepping up their processes for protecting their valuable data. Research conducted for the 2017 Cost of Data Breach Study by IBM was released in June 2017 and revealed a decline of 10% in the global average cost of a data breach. Each lost or stolen record incurs a cost of approximately $141, an overall reduction. However, the decline is not universal: it is predominantly companies in Europe, which have greater regulations to adhere to, that are seeing a mitigated impact from data breaches.
Within the United States, 48 out of 50 states operate under their own data breach laws. This means there is very little overarching regulation, and companies operating in a number of states have to spend a huge amount of time and money conforming to these laws in the event of a breach. Overall, companies in the US also have to spend more on their compliance failures and their notifications. An average company in the US had to pay $690,000 in notification costs after a breach, which the 2017 Cost of Data Breach Study found was more than double the cost accrued in any other country in the survey.
In Europe, businesses are part of an increasingly centralised set of regulations. This means that in the event of a data breach it is far cheaper to notify consumers. Additionally, European compliance failures cost less than they do for US businesses, which have to pay an average of 48% more according to the 2017 Cost of Data Breach Study. Businesses in Europe are already subject to tighter regulations, and a new ruling from the General Data Protection Regulation (GDPR) is due next year which will require businesses in Europe to report breaches within 72 hours. Holding businesses to higher standards appears, in the long run, to save money and keep consumer records safer.
The average global cost of a data breach was found to be $3.62 million. Last year’s study put the cost at $4 million, so it appears we have seen a 10% decline overall. However, these reduced costs were mostly seen in Europe, and the cost in the US rose to $7.35 million, 5% higher than last year. Nor was the US alone in seeing an increase in data breach costs: Japan, South Africa and countries in the Middle East all saw rising costs as well. And while most of the decreasing costs were found in Europe (with the UK, France, Germany and Italy seeing significant decreases), Canada, Brazil and Australia all saw reduced costs too.
It is undeniable that data breaches are expensive. However, there are ways to mitigate the cost in the event of a successful cyber attack. Firstly, an Incident Response team can save a company $19 on each lost or stolen record because it will be able to identify and contain the breach to reduce its overall impact. The faster the breach is stopped, the lower the cost will be. It currently takes companies an average of six months to identify a breach, with another two months to contain it. Organisations that contained a breach in less than a month saved an average of $1 million.
All organisations are vulnerable to data breaches. However, those in the healthcare industry continue to suffer the most expensive breaches, with an average of $380 per lost or stolen record. It is the duty of the CEO to keep these records safe and protected, irrespective of the legal requirements. Securing your consumers’ data will also prevent you from spending millions of dollars to repair a breach.