1Breaches From Malicious or Criminal Attacks More Costly Than Average
Data breaches that resulted from malicious or criminal attacks were more expensive than average and took a long time to detect and contain, a new study finds.
2Average Cost Per Breached Record Is Highest in the U.S.
Globally, the average cost per lost or stolen record was $158 in 2016, but in the United States, the cost was significantly higher, at $221 per record.
3Global Average Breach Costs for 2016: $4M
On a total cost perspective, breaches in the United States are the most expensive in the world, coming in at $7.01 million. Globally, the average for 2016 was reported at $4 million.
4Malicious Attacks Trigger Less Than Half of Breaches
A little more than half (52 percent) of breaches were the result of either a system glitch (27 percent) or human error (25 percent), while the root cause of 48 percent of all breaches was a malicious or criminal attack.
5Breaches Caused by Human Error Are the Least Expensive
The costs per lost or stolen record vary depending on the root cause of a breach. For breaches where the root cause was found to be a malicious or criminal attack, the cost per record was $170.
6It Takes 201 Days to Identify a Breach
The Ponemon Institute study found that in 2016 it took 201 days for organizations to identify that a breach had occurred and then 70 days to contain the breach.
7Breach Identification Time Varies by Root Cause
It takes less time for an organization to discover and contain a breach that was the result of human error than one that was the result of a malicious or criminal attack. Breaches triggered by human error took 162 days to detect and 59 days to contain, while breaches where the root cause was a malicious attack took 229 days to detect and 82 days to contain.
8Incident-Response Teams Can Lower Breach Costs
One of the key findings of the report this year was that there are multiple tasks that an organization can undertake to reduce the cost of each lost or stolen record. By having an incident-response team in place, an organization can lower the cost per stolen record by $16.