For years, the Ponemon Cost of a Data Breach Study has reported a steady increase in breach costs, but surprisingly that's not the case in the 2017 edition of the report, sponsored by IBM.
"Overall when you look at the report, the good news is that the overall cost of a data breach is down," Wendi Whitmore, global lead of IBM X-Force IRIS (Incident Response & Intelligence Services), told eWEEK.
Globally the study reported that the average cost of a data breach is $3.62 million, which is a 10 percent year-over-year decrease from the 2016 report. The average cost of a lost or stolen record globally now stands at $141. Health care industry breaches were once again reported to be the most costly globally, at $380 per record.
While breach-related costs declined as a global average, not every region of the world experienced a cost decline. In the United States, breach costs actually rose 5 percent year-over-year to $7.35 million.
As to why costs in the U.S, are higher than in other parts of the world, there are multiple reasons. Whitmore more said there is an impact that U.S. regulations are having on breach costs, though with the General Data Protection Rule (GDRP) set to debut in Europe in 2018, it's unclear if European costs will rise next year as well.
The 2017 study reported that the mean time to identify (MTTI) a breach globally was 191 days, with the mean time to contain (MTTC) a breach coming in at 66 days. The time it takes to both identify and contain a breach are highest for malicious criminal attacks, extending the time to detect to 214 days and time to contain to 74 days. In contrast, the time to detect decreased to 168 days for human error, with the mean time to contain declining to 54 days.
Globally, 47 percent of breaches analyzed in the 2017 report were attributed to malicious or criminal attacks.
As was the case in 2016, the 2017 report found that having an incident response team in place lowers the cost of a breach by improving breach response speed.
"Having an incident response team can also help an organization to detect breaches," Whitmore said. "When we talk to our clients, we talk about putting in place a layered defensive approach to detect potential hacker activities."
Whitmore added that by reducing the time an attacker has to operate in an environment, the potential impact can also be reduced.
Looking at the root cause vulnerabilities that trigger breaches, the 2017 Ponemon Cost of Data Breach Study does not provide much visibility. That said, Whitmore noted that in her experience, zero-day vulnerabilities typically represent less than 2 percent of all data breaches.
"That doesn't mean the other 98 percent is bad hygiene," Whitmore added. "It could mean that organizations are being breached by vulnerabilities that they have difficulty patching."
Whitmore added that breaches can also occur when attackers are able to exploit default configurations and install backdoor web shells. In many cases investigated by IBM X-Force IRIS, Whitmore said the root attack vector is some form of spear phishing attack or email compromise.
In addition to having an incident response team to help reduce breach costs, Whitmore is also an advocate of endpoint detection and response (EDR) technology.
"As long as there is money to be made from attacks, attackers will keep finding new ways to breach organizations, and EDR tools are not a silver bullet," Whitmore said. "But as part of an overall balanced strategy, EDR does provide a very positive benefit to help organizations identify and protect themselves."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.