The total costs to businesses as a result of data breaches continue to rise: a new survey has revealed that the average expense incurred has climbed by 23 per cent over the last two years, to $3.8 million.
This is the headline figure from the Ponemon Institute's annual Cost of a Data Breach Study for 2015, sponsored by IBM. It also revealed that the average cost per compromised record has increased from $145 to $154 - a rise of six per cent.
Chairman and founder of the institute Larry Ponemon said the survey highlighted three key reasons why the costs of security incidents continue to rise.
"First, cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents," he stated. "Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management."
However, there are steps that organisations can take to minimise their expenses. For instance, the report highlighted that purchasing insurance and getting high-level employees involved in security issues can both help make any breach less costly.
The research found that having board-level involvement reduces the average cost of a compromised record by $5.50, while insurance protection also cuts the cost by $4.40.
Similarly, business continuity management plays an important role in reducing the cost of a data breach. Having such programmes involved in the remediation of a breach can reduce the cost by an average of $7.10 per compromised record.
Other factors involved in the final cost of a breach include the time taken to identify intrusions. The Ponemon study observed that malicious attacks can take an average of 256 days to spot, while data breaches caused by human error take an average of 158 days to identify. As the former are the most costly data breaches, swift detection of breaches may be one of the best things businesses can do to keep their expenses to a minimum.
Marc van Zadelhoff, vice-president of strategy at IBM Security, commented that the all-time high costs now being seen as a result of data breaches reflected the growing sophistication and collaboration of cyber criminals. Therefore, a similar response is needed from the industry to meet this threat.
He said: "The industry needs to organise at the same level as hackers to help defend themselves from these continuing attacks. The use of advanced analytics, sharing threat intelligence data and collaborating across the industry will help to even the playing field against attackers while helping mitigate the cost to commerce and society."
The survey also revealed how the total cost of a data breach varies by industry and country. Businesses in the healthcare sector may be most at risk, as the average cost per compromised record could be as high as $363. Meanwhile, for education organisations, the figure is $300, while the lowest costs are seen in the transportation ($121) and public ($68) sectors.
It also revealed the most costly breaches occur in the US and Germany at $217 and $211 per compromised record, respectively. India ($56) and Brazil ($78) have the least expensive breaches.