Data Breach Trendwatch: Cybersecurity Report Points to a Bleak 2020


Will data breaches cost more or less in 2020?

If findings from a recent report are an indication of what’s to come, costs of breaches will continue to rise.  

IBM and the Ponemon Institute recently published their joint Cost of a Data Breach Report, which reviews the yearly trends in cybersecurity breaches and the financial toll they exact. See previous coverage.

Based on in-depth interviews with more than 500 companies around the world who experienced a data breach between 2018 and 2019, the study takes into account hundreds of cost factors—legal, regulatory, and technical activities, loss of brand equity, customer turnover, and many more.

The report sheds light on two dire trendlines: not only are data breaches becoming more common, they’re also getting more expensive. 

Check out the report takeaways below.

Data Breaches By The Numbers

  • $3.92 million: the global average cost of a data breach in 2019
  • 25,575: average number of records compromised
  • 29.6%: the odds of experiencing a data breach, a year-over-year increase of 2%
  • $5.1 million: the total cost for companies with more than 25,000 employees
  • $2.65 million: the total cost for companies with 500–1,000 employees
  • $1.4 million: the cost of post-breach customer turnover
  • $150: the average cost for each lost or stolen record containing confidential information, an increase of 4.8%
  • 279 days: time it took to identify and contain the breach
  • $6.45 million: the cost of data breaches in healthcare, the highest among the industries studied

What Affects the Cost of a Data Breach?

Costs of a breach can also vary based on organizational and security characteristics with direct impact on breach severity, including the complexity of security environments, the testing of incident response plans, and the coordination of development, security, and IT operations functions (DevSecOps), according to the report.

Selected factors, and their effects on the overall cost, are listed below.

Cost Mitigators:

    • Formation of an Incident Response Team (-$360,000)
    • Business Continuity Management (-$280,000)
    • Employee Training (-$270,000)
    • Board-Level Involvement (-$180,000)

Cost Amplifiers: 

    • Third Party Breach (+$370,000)
    • Compliance Failures (+$350,000)
    • System Complexity (+$290,000)
    • Extensive Use of Mobile Platforms (+$270,000)

Ultimately, lost business was the biggest contributor to data breach costs. The average cost of lost business in the 2019 study was $1.42 million (or 36 percent of the total average cost of $3.92 million). The study found that breaches caused abnormal customer turnover of 3.9 percent.

The Time Factor

The report also uncovered two ways in which the time dimensions of a data breach have shifted. 

For one, the average length of a data breach lifecycle—the amount of time from when the breach occurs to when it’s contained—has gotten longer. On average, the identification of a breach took 206 days and containment took 73 days, for a total lifecycle of 279 days. This represents a 4.9 percent increase over the 2018 breach lifecycle of 266 days. Of course, the faster a data breach can be identified and contained, the lower the costs. Breaches with a lifecycle of less than 200 days were $1.22 million less costly than those with a lifecycle of more than 200 days ($3.34 million vs. $4.56 million respectively), a difference of 37 percent.

Second, the effects of a data breach were determined to be more persistent than previously thought. Indeed, the “long tail” effect could be felt for years after the incident, with about one-third of data breach costs occurring more than one year after the incident itself and 11 percent of the cost occurring more than two years after the breach.

How LogicGate can help

Clearly, the potential losses can be staggering, yet managers continue to struggle with gaining internal buy-in and funding for risk management tools. Earning board and executive support requires more than basic ROI metrics—it also requires a vigorous business pitch to convince leaders that allocating resources to GRC will help improve strategic decisions and bolster corporate resilience. The numbers in the Cost of a Data Breach Report help paint that picture.

If you want to avoid fines, customer churn, and reputation damage, you’ll need some help. LogicGate’s IT Risk Management platform is a robust, scalable system that automates risk management processes across your organization. Implementing a tool such as LogicGate can help your IT Security team manage critical assets, define potential risks, assess threat levels, and put processes and controls in place to mitigate those risks and threats. LogicGate empowers your organization to prepare for and protect against data breaches, ultimately reducing potential risks and costs, and enabling your business to focus on business.
