The cost of data breaches has reached a record global high, according to the 2016 Ponemon Cost of Data Breach Study, with an average cost of $221 per breached record, which is a 7% increase on the previous year. In addition, the average annual total cost to organizations is now $7.01 million, another record high since 2011.
Heavily regulated industries, such as health care, life sciences, and financial services, had the highest per-capita breach costs.
In addition, the report shows that malicious or criminal acts were the primary cause of data breaches.
- 50% of breaches involved malicious or criminal attacks;
- 23% of breaches were caused by negligent employees;
- 27% of breaches were caused by system glitches.
The average cost of incident detection and escalation processes has also reached a record high, rising from $0.61 million to $0.73 million in 2016. These processes typically included:
- Forensic and investigative activities;
- Assessment and audit services;
- Crisis team management;
- Communications to the board.
More is spent on indirect costs
Another significant finding is that companies spend more on indirect costs related to breaches than direct costs. Indirect costs refer to time spent by employees on data breach notification or investigations, while direct costs refer to what companies spend to minimize the consequences of a data breach and to assist victims, including engaging forensic experts and law firms for post-event investigations and support.
ISO 27001 can reduce the cost of a breach
Implementing and maintaining an information security management system (ISMS) certified to the internationally recognized data security standard, ISO 27001, is the most effective way of reducing the risk of suffering a data breach.
An ISMS is a systematic approach to managing the security of sensitive information, and is designed to identify, manage, and reduce the range of threats to which your information is regularly subjected.
Achieve certification to ISO 27001 in just 3 months, 100% guaranteed
IT Governance can help organizations with fewer than 20 employees achieve accredited registration to the international information security standard, ISO 27001, in just three months, whatever their location, with our popular ISO 27001 FastTrack Consultancy service.