Page 33 - Cyber Warnings
The total average organizational cost of data breach reaches a new high. In the
past 11 years, the most costly organizational breach occurred in 2011, when companies
spent an average of $7.24 million. In 2013, companies experienced a net decrease in total
data breach cost to $5.40 million. This year, the total average cost is $7.01 million.
Measures reveal why the cost of data breach increased. The average total cost of a
data breach grew by 7 percent and the average per capita cost rose by 2 percent.
Abnormal churn of existing customers increased by 3 percent. In the context of this
paper, abnormal churn is defined as a greater than expected loss of customers in the
normal course of business. The average size of a data breach (number of records lost or
stolen) increased by 5 percent.
Certain industries have higher data breach costs. Heavily regulated industries, such
as healthcare, life science and financial services, tend to have a per capita data breach
cost substantially above the overall mean of $221. In contrast, public sector
(government), hospitality and research had a per capita cost well below the overall mean
value.
Malicious or criminal attacks continued to be the primary cause of data breach.
Fifty percent of incidents involved a malicious or criminal attack, 23 percent of incidents
were caused by negligent employees, and 27 percent involved system glitches that
included both IT and business process failures.
Malicious attacks were most costly. Companies that had a data breach due to
malicious or criminal attacks had a per capita data breach cost of $236, significantly
above the mean of $221. In contrast, system glitches or human error as the root cause
had per capita costs below the mean ($213 and $197, respectively).
Certain industries were more vulnerable to churn. Financial, health, technology, life
science and service organizations experienced relatively high abnormal churn, while
public sector, media and research organizations tend to experience relatively low
abnormal churn.
The more records lost, the higher the cost of data breach. This year, for companies that
had data breaches involving fewer than 10,000 records, the average cost of data breach
was $4.9 million, and those companies with the loss or theft of more than 50,000 records
had a cost of data breach of $13.1 million.
The more churn, the higher the per capita cost of data breach. Companies that
experienced less than 1 percent churn, or loss of existing customers, had an average
organizational cost of data breach of $5.4 million and those experiencing churn greater
than 4 percent had an average cost of data breach of $12.1 million.
33 Cyber Warnings E-Magazine – August 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide