Lately, it seems as though we are seeing a new data breach every day. The list of breach victims just keeps on growing, from government agencies to retail stores, and it's becoming quite clear that no one is one hundred percent out of the woods and breach-proof. Verizon even found a 55 percent year-over-year increase in confirmed data breaches in its annual Data Breach Investigations Report, and a 26 percent jump in security incidents as a whole. As the hacker community continues to grow, so does the number of data breaches, and ultimately, so does the cost.
In fact, according to a recent global analysis by IBM and the Ponemon Institute, the average total cost of a data breach this year has climbed to $3.79 million – that's a 23 percent increase since 2013. Adding to the issue, in 2014 the average cost paid globally for each lost or stolen record containing sensitive data increased from $145 to $154. According to Verizon, however, this number really depends on the total number of records compromised during the security incident.
Why are we seeing this spike?
Well, there are several factors we could go through to piece together the puzzle that is a data breach, but there are three key reasons identified in IBM's research that have contributed to the global increase in cost.
- Increased frequency of cyber-attacks and increased cost to remediate the consequences. Last year, experts gathered that 42 percent of data breach root causes were malicious and/or criminal in intent. This year: 47 percent. Last year, these breaches cost an average of $159 per record. This year: $170 per record.
- The consequence of losing business as a result of these attacks is having a greater impact on the cost of a breach. This year we've seen an abnormal customer turnover rate at these organizations, causing even more of a financial burden than the breach alone. The report finds that the average cost of lost business has jumped from $1.33 million to $1.57 million – nearly a 20 percent jump. It should come as no surprise that this increased loss of business can be attributed to consumers' growing awareness of identity theft and their will to protect their personal data, which has led to abnormal customer turnover rates, increased customer acquisition activity, reputation losses and damaged goodwill. And finally:
- Data breach costs associated with detection and escalation have increased from an average of $0.76 million to $0.99 million, a 30 percent increase. Such costs usually include forensic and investigative activities, audit and assessment services, and crisis communications and management, which we're seeing more and more companies adopt with each breach. Companies want full visibility into the attack on their organization, which requires the use of such tools.
How can enterprises address these high costs?
To start, we are seeing more action and involvement from the higher-ups: the board of directors. In fact, this report states that board involvement can actually bring the average per-record cost of a data breach down by $5.5. Additionally, we're seeing an increase in the purchase of cyber-insurance, which can reduce this average per-record cost by another $4.4.
It will also help to have the business continuity management team play a role in the remediation, as their involvement can help bring down the average cost by $7.10 per compromised record.
Finally, it's key to have an incident response team in place, as experts have deduced that the time it takes to identify and contain a data breach greatly affects the cost of said breach. Malicious attacks are taking teams an average of 256 days to identify, while breaches caused by human error typically take an average of 156 days, and as pointed out earlier, malicious attacks often cost much more than those caused by human error.
Where does the network come into play?
This report is yet another example of the need for network security policy orchestration and management, which provides organizations with the cyber-defense capabilities they need to fend off hackers and lower the cost of today's data breaches.
By better managing the security of their networks, enterprises can immediately gain greater visibility and insight across their entire heterogeneous IT environments, with a single pane of glass for viewing and managing security policies across the network. When organizations have visibility, they have control. It becomes much easier to identify security incidents earlier on, which streamlines the remediation process and cuts the outrageous time and costs associated with it. Furthermore, by building and managing the right network segmentation, enterprises can reduce the attack surface and make breach attempts harder to carry out.