IBM & Ponemon study: Data breach costs rising, now £2.8 mil per incident

IBM Security today announced the results of a global study analysing the financial impact of data breaches to a company's bottom line. Sponsored by IBM and conducted by the Ponemon Institute, the study found that the average cost of a data breach for companies surveyed has grown to £2.8 million, representing a 29 percent increase since 2013.

Cyber-security incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise.

In fact, the study found that companies lose £112 per compromised record. Breaches in highly regulated industries were found to be even more costly, with healthcare reaching £251 per record – a full £70 more than in 2013.

According to the study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach – saving companies nearly £282,000 on average (or £11 per record).

In fact, response activities like incident forensics, communications, legal expenditures and regulatory mandates account for 59 percent of the cost of a data breach. Part of these high costs may be linked to the fact that 70 percent of U.S. security executives report they don't have incident response plans in place.

Daniel Miessler, director of advisory services for IOActive, told SCMagazineUK.com by email, “The worst kind of reputation damage comes not from incidents, but from the appearance of incompetence or negligence. These are the feelings in customers or investors that can truly harm a company's value over time as it relates to data breach. In short, breaches are not all the same, and therefore do not affect companies the same. And the difference is mostly about the response by the company and what that response says about the underlying health of their security.”