How much does a cyber breach cost?
How much does a data breach actually cost? IBM sponsored the Ponemon Institute to research and answer the question “What is the cost of a cyber breach in 2015?” (the report can be viewed at http://www-03.ibm.com/security/data-breach). The research encompassed over 350 organizations across 11 countries. The question is a complex one, with many interconnected factors such as:
- Size of the company: small, medium, large, enterprise
- Industry of the company: retail, healthcare, manufacturing, etc.
- Regulations that apply to the specific industry
- The business’s proprietary information
Some of the key findings from the white paper are:
- The average cost of a breach is $3.8 million
- The average cost per stolen record is between $145 and $154
Costs vary per industry and country involved:
- The U.S. has the highest per record costs, averaging $217
- The average number of records stolen per incident is 28,000
- The average cost for a U.S. cyber breach is over $6 million
- Health per record cost: $363
- Pharma per record: $220
- Financial services per record: $215
- Manufacturing per record: $155
The elements used to determine the costs were direct and indirect expenses:
- Engaging a forensic expert
- Outsourcing hotline support
- In-house investigations
- Decreased revenues from customer loss
- Increased cost to create new customers
According to First Data Corporation’s report, Small Business Cost of a Data Breach, small businesses experience on average a 30% loss of customers due to a breach.
Direct and indirect costs represent a higher percentage of a small business’s revenue. A small biotech developing a new drug, treatment, or device likely cannot afford a breach. The loss of intellectual property can destroy the business.
Businesses cannot afford to disregard cybersecurity. The average cost of a cyber breach can devastate a business, especially a small business. Organizations must become more security conscious and test their networks and processes regularly to ensure they can withstand a potential incident. They must create a security plan as well as a disaster recovery plan. Businesses must remain vigilant to keep out the criminals trying to break in. As the saying goes, an ounce of prevention is worth a pound of cure.