Protecting data isn't cheap, but neither is dealing with a data breach.
According to the Ponemon Institute's ninth annual global study on data breach costs, the average total price tag of a breach increased 15 percent to $3.5 million. The research, which focused on 314 companies across 10 countries, found that the cost incurred for each lost or stolen record containing sensitive and confidential information stood at $145, nine percent more than the cost noted in the previous report.
"The goal of this research is to not just help companies understand the types of data breaches that could impact their business, but also the potential costs and how best to allocate resources to the prevention, detection and resolution of such an incident," said Dr. Larry Ponemon, chairman and founder of Ponemon Institute, in a statement. "This year’s Cost of Data Breach Study also provides guidance on the likelihood an organization will have a data breach and what can be done to reduce the financial consequences."
All the companies that participated in the study had experienced a data breach ranging from a low of 2,400 compromised records to a high of slightly more than 100,000. The organizations were spread across the U.S., U.K., Germany, Australia, France, Brazil, Japan, Italy, India, the UAE and Saudi Arabia. The most expensive data breaches occurred in the U.S. and Germany, and cost $201 and $195 per compromised record, respectively.
The most common root causes of data breaches differed from country to country and affected the cost of the breach. Countries in Germany and the Arabian region had more data breaches caused by malicious or criminal attacks than other reasons, while India had the most data breaches caused by system glitches or business process failures. Human error was the most often cited cause in the U.K. and Brazil.
The U.S. and Germany paid the most for breaches caused by malicious or criminal attacks, with a price tag of $246 and $215 per compromised record, respectively. The cost per record for that kind of breach was lowest in India, where it averaged $60 per record.
On average, the involvement of business continuity management reduced the cost of a breach by $9 per record. The appointment of a chief information security officer to lead the data breach incident response team reduced the cost of a breach by more than $6.
The countries that lost the most customers following a data breach were France and Italy, while companies in Brazil and the Arabian region experienced the lowest loss of customers.
"A data breach can result in enormous damage to a business that goes way beyond the financials," said Kris Lovejoy, general manager of IBM Security Services Division, in a statement. "At stake is customer loyalty and brand reputation."
Related Reading: Preparing for the Inevitable Data Breach