Understanding Data Breach Risk

The odds of experiencing a data breach are increasing

The percentage chance of experiencing a data breach within two years was 29.6 percent in 2019, an increase from 27.9 percent in 2018. In 2014, organizations had a 22.6 percent chance of experiencing a breach within two years. In the span of six years, the likelihood of experiencing a breach within two years grew by 7 percentage points (700 basis points), representing a 31 percent increase in the odds of experiencing a breach within two years. In other words, organizations today are nearly one-third more likely to experience a breach within two years than they were in 2014.

How to calculate the potential cost of a Data Breach

The average global breach cost has risen to $3.92 million for 2019. Although the method used here is quite simplistic, we can estimate the total cost of a data breach by multiplying the ‘cost per breached record’ by the number of personal or patient records held by your organization.

For example, in the healthcare industry, the per-record cost of $429 can be used to estimate the total cost of the breach:

$429 × 9,138 records ≈ $3.92 million

Healthcare and financial organizations have a per-record data breach cost substantially higher than the overall mean of $150. Public sector, research, retail and hospitality have a per-record cost well under the overall mean. The highest per-record cost, $429, is experienced by healthcare organizations. One reason for the much higher cost is that all healthcare companies in this study are located in the United States, which has the highest per-record cost. In other countries, healthcare is classified as a public sector organization.

How does the $3.92M breach cost break down?

Detection and Escalation: Activities related to understanding the breach, including digital forensics, root cause analysis, Incident Response services, risk assessments, and subsequent auditing services.

Notification: Disclosure of the data breach to both victims and regulators.

Post-Breach Response: Security monitoring and remediation, legal expenditures, regulatory interventions (fines), communication with clients, special investigations, product discounts, and identity protection services.

Lost business: Activities associated with the cost of lost business, including revenue loss, business disruption, system downtime, increased customer acquisition cost, reputation losses, and diminished goodwill.