Cost of a Data Breach Continues to Rise

Ponemon's 2015 Cost of Data Breach Study pegs the average cost for a data breach at $3.8 million and malicious attacks as the No. 1 cause of breaches.

As data breaches continue to grow in number globally, so too do the associated costs. The Ponemon Institute's 2015 Cost of Data Breach Study, sponsored by IBM, reports that the average total cost for a data breach now stands at $3.8 million. On a per-record basis, the report found that the average cost for each stolen record has risen by 6 percent in the last year, from $145 in the 2014 study to $154 in the new 2015 study.

The 2015 Cost of Data Breach Study includes responses from 350 companies across 11 countries. The cost of a compromised data record varies across different countries, with one compromised record in the United States costing $217, while a compromised record in Brazil costs $78.

The root causes of data breaches also vary.

"We found this year that criminal or malicious attacks as the root cause of data attacks is a growing trend," Larry Ponemon, chairman and founder of Ponemon Institute, told eWEEK. "This year, it's the No. 1 cause of data breaches globally."

The report found that 47 percent of all breaches were caused by malicious or criminal attacks. Twenty-nine percent of data breaches were the result of some form of system glitch, while 25 percent were attributed to human error.

The reality that many organizations need to deal with is that many of the hacker breaches are coming from organized criminal gangs, Caleb Barlow, vice president at IBM Security, told eWEEK. "The only way we're going to make an impact on this is through collaboration," Barlow said.

IBM has been pushing its own vision for security collaboration in recent months, with the announcement of its X-Force Exchange effort.

The 2015 report also analyzed the impact of time on data breach costs. Ponemon said that there is a clear linear relationship between the amount of time it takes to detect and contain a data breach and the associated costs. Ponemon's analysis found that failure to quickly identify a data breach will lead to higher costs.

Ponemon conducts multiple studies over the course of any given year that provide different viewpoints on the state of cyber-security. In October 2014, a Hewlett-Packard-sponsored Ponemon study on the cost of cyber-crime found that the average annualized cost of cyber-crime per organization in the United States was $12.7 million.

"The cost of cyber-crime study actually provides a cost for a cyber-attack; we're not looking at it just from a per record basis," Ponemon said. "With that study, we measure the cost of the attack, and in this new study we're looking at data leakage."

It's important to remember that with the IBM-sponsored 2015 Cost of Data Breach Study, even though criminal and malicious attacks are the leading factor, the majority of breaches come from nonmalicious actions, he pointed out.

One of the key findings in the 2015 report is that board-level involvement in security can reduce the costs associated with a data breach by approximately $5.50 per record. The likely reason board involvement reduces cost, according to Ponemon, is that those companies may well have better governance overall around the data protection process.

Sean Michael Kerner is a senior editor at eWEEK. Follow him on Twitter @TechJournalist.

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.