Each year, the Ponemon Institute conducts a comprehensive study on the cost of data breaches among companies in the USA. The 2014 study contains some startling statistics about trends among corporate breach victims. These statistics illustrate the real risks facing network security admins and the data they protect. Ponemon discovered that not only do breaches cost more to remediate, but companies are also losing customers at a higher rate following data breaches. Between 2013 and 2014, the average loss of customers who were directly affected by the data breach increased an alarming 15%.
The Scope of the Problem
Ponemon reports that the average number of records stolen per breach was 29,000, with some of the more high-profile breaches numbering into the millions of records. This number becomes more disconcerting when you consider that the average cost for businesses for each lost or stolen record containing sensitive and confidential information is now $201. This means that the total average cost paid by organizations victimized by breaches stands at $5.9 million.
Perhaps the most alarming statistic in the report is the fact that the average company now has a 19% chance of suffering from a material data breach over the next two years involving a minimum of 10,000 records. For public sector organizations the risk is even higher.
The following remediation responses have a noted effect on the ultimate cost of a breach:
- Having business continuity management involved reduces the cost by an average of $13 per compromised record
- A strong security posture prior to the breach reduces the cost per record by $21
- A formal incident response plan in place prior to the incident reduces the cost by $17 per record
- Appointing a CISO to lead the data breach incident response team reduces per capita cost by $10
Conversely, a couple of typical responses that lead to a greater breach cost are:
- Hiring consultants (since you are now piling their fee on top of other costs)
- Premature announcements regarding breaches (trying to get out in front of a breach by quickly “owning up to it” before gathering all the facts can often backfire in a variety of ways)
Establishing an action plan prior to a breach can have a dramatic effect in mitigating the impact and costs of the incident. One of the surest ways to prevent a breach in the first place is the proper implementation of encryption across your enterprise, since SSL Certificates are a critical component of your network security. Properly securing your corporate infrastructure is dramatically more cost-efficient than trying to perform damage control after a breach.