Organizations in the U.S. spend $8.64 million responding to data breaches, which is more than double the global average.
This finding comes from the Ponemon Institute’s Cost of a Data Breach Report 2020, an annual analysis of data security practices across the globe.
The report also found that the health sector spends the most on data breach recovery, with an average of $7.13 million. By comparison, the cost across all sectors is about $3.86 million.
The good news is that the cost of a data breach has decreased slightly compared to last year, which Ponemon’s researchers say is because organizations are getting better at strengthening their cyber defenses and incident response capabilities.
What are the costs of a data breach?
The report found that each breached piece of personally identifiable information costs organizations about $150. If the incident is caused by a cyber attack, as opposed to an internal error, the average cost increases to $175.
However, the loss of data is only one element when calculating the cost of a data breach. Ponemon highlights 17 factors, including:
- The strength of an organization’s incident detection capabilities
- Its crisis management response
- The effectiveness of customer service
- Regulatory penalties
- Organizations’ ability to restore their reputation
How to reduce the cost of a cyber attack
Ponemon also highlights the relationship between the cost of a data breach and the time it takes organizations to contain it.
The researchers found that organizations take 280 days on average to detect and respond to an incident. However, those that can complete this process within 200 days save about $1 million.
The best way to do that, the researchers found, is to implement automated tools to help detect breaches and suspicious behavior.
Organizations that used artificial intelligence and analytics had the most success mitigating the costs of data breaches. They were able to reduce the cost of the recovery process to $2.45 million on average.
By contrast, organizations that didn’t implement such measures spent more than twice that, with an average cost of $6.03 million.
This is a lesson that organizations are gradually taking on board. The report found that the proportion of organizations that have implemented measures such as artificial intelligence platforms and automated tools has increased from 15% to 21% in the past two years.
However, if organizations in the U.S. and the rest of the world are to stem the rising threat of cybercrime, everyone must do their part.
That means organizations must get the backing of their boards to ensure they receive the funding they need to properly address cybersecurity.
You can find out why board-level approval is so important, and how to persuade senior staff to give you backing, by reading Cybersecurity – An issue for the board.
This free green paper explains:
- Why the regulatory environment and the prospect of fines make cybersecurity and data protection a board-level concern
- How your organization will suffer if you don’t take an active interest in cybersecurity
- How cybersecurity is at its most effective when taking a top-down approach
- How the international information security standard, ISO 27001, can help directors and their organizations meet their cybersecurity requirements