Data Breach Costs Soaring

New research from IBM and the Ponemon Institute has revealed that data breaches now cost an average of $4 million, up a startling 29% since 2013.

Part of that rise is due to the frequency and sophistication of the threats organizations are facing; IBM recorded 64% more attacks in 2015 compared to the previous year. Much of the $4 million (£2.8 million, €3.6 million) cost, 59% in fact, is associated with cleaning up the incident: incident forensics, communications, legal expenditures and regulatory mandates.

Businesses now lose on average $158 (£112, €141) for every record that is compromised. That figure depends on the industry. Healthcare, for example, is more costly, at up to $355 (£251, €318) per record. Interestingly, companies in the public sector had the lowest cost per breach at just $80 (£56, €71).

Broken down by country, the report suggests data breaches are most costly in America, where the average is now $7.01 million, followed by Germany at $5.01 million (£3.55 million, €4.48 million) and Canada at $4.98 million (£3.53 million, €4.46 million).

The UK sits fifth on the list, with breaches costing an average of $3.95 million (£2.8 million, €3.54 million). India sits at the bottom of the list of countries analyzed for this report; breaches there cost $1.6 million (£1.13 million, €1.43 million).

According to the report, what is really driving up the cost of breaches is the amount of time it takes organizations to react; the slower the reaction, the higher the cost, IBM says. Breaches identified within 100 days cost an average of $3.23 million (£2.29 million, €2.89 million), while after that 100-day mark the cost goes up by over $100 million on average.

IBM said the average amount of time taken to identify a breach was 201 days, and it took on average 70 days to contain a breach.

The report also found that using an incident response team drastically reduced the cost of a data breach. An average of $400,000 or $16 per record was saved by using an incident response team. The problem is that not many businesses have one in place, which is one reason for the rising breach costs, IBM said.

“The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don’t have a plan in place to deal with this process efficiently,” said Ted Julian, vice-president, Resilient, an IBM Company. “While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event.”

“Over the many years studying the data breach experience of more than 2000 organizations in every industry, we see that data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” said Dr. Larry Ponemon. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”
