IBM and Ponemon Institute have released the 2016 Cost of Data Breach Study: Global Analysis.
In addition to cost data, the global study looks at the likelihood of a company having one or more data breach occurrences in the next 24 months. They estimate a 26 percent probability of a material data breach involving 10,000 lost or stolen records.
According to this year’s findings, organizations in Brazil and South Africa are most likely to have a material data breach involving 10,000 or more records. In contrast, organizations in Germany and Australia are least likely to experience a material data breach.
In this year’s study, 383 companies located in the following 12 countries participated: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (United Arab Emirates and Saudi Arabia), Canada and, for the first time, South Africa. All participating organizations experienced a data breach ranging from approximately 3,000 to slightly more than 101,500 compromised records. A compromised record is defined as one that identifies the individual whose information has been lost or stolen in a data breach.
The following are the most salient findings and implications for organizations:
Data breaches cost the most in the US and Germany and the least in Brazil and India.
The average per capita cost of data breach was $221 in the US and $213 in Germany. The lowest cost was in Brazil ($100) and India ($61). The average total organizational cost in the US was $7.01 million and in Germany $5.01 million. The lowest organizational cost was in India ($1.6 million) and South Africa ($1.87 million).
The cost of data breach varies by industry. The average global cost of data breach per lost or stolen record was $158. However, healthcare organizations had an average cost of $355 and in education the average cost was $246. Transportation ($129), research ($112) and public sector ($80) had the lowest average cost per lost or stolen record.
Hackers and criminal insiders caused the most data breaches. Forty-eight percent of all breaches in this year’s study were caused by malicious or criminal attacks. The average cost per record to resolve such an attack was $170. In contrast, system glitches cost $138 per record and human error or negligence cost $133 per record. Companies in the US and Canada spent the most to resolve a malicious or criminal attack ($236 and $230 per record, respectively). India spent far less ($76 per record).
Malicious or criminal attacks vary significantly by country. Sixty percent of all breaches in the Arabian Cluster and 54 percent of all breaches in Canada were due to hackers and criminal insiders. Only 37 percent of all data breaches occurring in South Africa were due to malicious attacks. Instead, South African companies had the highest percentage of human error data breaches and Indian organizations were most likely to experience a data breach caused by a system glitch or business process failure (37 percent and 35 percent, respectively).