Breaches From Malicious or Criminal Attacks More Costly Than Average

1 - Breaches From Malicious or Criminal Attacks More Costly Than Average
2 - Average Cost Per Breached Record Is Highest in the U.S.
3 - Global Average Breach Costs for 2016: $4M
4 - Malicious Attacks Trigger Less Than Half of Breaches
5 - Breaches Caused by Human Error Are the Least Expensive
6 - It Takes 201 Days to Identify a Breach
7 - Breach Identification Time Varies by Root Cause
8 - Incident-Response Teams Can Lower Breach Costs
1 of 8

Breaches From Malicious or Criminal Attacks More Costly Than Average

Data breaches that resulted from malicious or criminal attacks were more expensive than average and took a long time to detect and contain, a new study finds.

2 of 8

Average Cost Per Breached Record Is Highest in the U.S.

Globally, the average cost per lost or stolen record was $158 in 2016, but in the United States, the cost was significantly higher, at $221 per record.

3 of 8

Global Average Breach Costs for 2016: $4M

On a total cost perspective, breaches in the United States are the most expensive in the world, coming in at $7.01 million. Globally, the average for 2016 was reported at $4 million.

4 of 8

Malicious Attacks Trigger Less Than Half of Breaches

A little more than half (52 percent) of breaches were the result of either a system glitch (27 percent) or human error (25 percent), while the root cause of 48 percent of all breaches was a malicious or criminal attack.

5 of 8

Breaches Caused by Human Error Are the Least Expensive

The costs per lost or stolen record vary depending on the root cause of a breach. For breaches where the root cause was found to be a malicious or criminal attack, the cost per record was $170.

6 of 8

It Takes 201 Days to Identify a Breach

The Ponemon Institute study found that in 2016 it took 201 days for organizations to identify that a breach had occurred and then 70 days to contain the breach.

7 of 8

Breach Identification Time Varies by Root Cause

It takes less time for an organization to discover and contain a breach that was the result of human error than one that was the result of a malicious or criminal attack. Breaches triggered by human error took 162 days to detect and 59 days to contain, while breaches where the root cause was a malicious attack took 229 days to detect and 82 days to contain.

8 of 8

Incident-Response Teams Can Lower Breach Costs

One of the key findings of the report this year was that there are multiple tasks that an organization can undertake to reduce the cost of each lost or stolen record. By having an incident-response team in place, an organization can lower the cost per stolen record by $16.

Top White Papers and Webcasts