FoxPointe Security Hub

Data Breach Report Show Cost of Stolen Records

June 3, 2019 by Charlie Wood

data breach report

Data Breach Report

IBM and the Ponemon Institute recently released their annual Cost of a Data Breach report and found, not surprisingly, that the frequency and cost of data breaches are continuing to rise.

The survey was performed over a 12-month period and included feedback from more than 470 companies worldwide. Here are some interesting numbers to note:

  • The average cost of a data breach was $3.86 million
  • The average cost of a lost or stolen record was $148
  • The likelihood of a recurring material breach over the next two years is nearly 28 percent
  • The average time to detect a breach was 197 days
  • The average time to contain a breach was 69 days
  • The implementation and use of basic security protocols cannot prevent a breach, but they can certainly reduce the cost
  • The average cost savings for companies with an incident response team was $14 per record
  • The average cost of a breach for companies that have fully deployed security automation was $2.88 million
  • The average cost without automation was $4.43 million, or a difference of $1.55 million
  • Companies that contained a breach in less than 30 days saved on average $1 million

While no organization is immune to cyber criminals, performing proper due diligence can go a long way in minimizing your risk and impact.  For additional questions associated with risk mitigation, please feel free to reach out to Charlie Wood at FoxPointe Solutions.

Source: https://newsroom.ibm.com/2018-07-10-IBM-Study-Hidden-Costs-of-Data-Breaches-Increase-Expenses-for-Businesses

Charlie Wood is an executive vice president in the firm’s Enterprise Risk Management Division based out of our Rochester, NY office.

This material has been prepared for general, informational purposes only and is not intended to provide, and should not be relied on for, tax, legal, or accounting advice.  Should you require any such advice, please contact us directly.  The information contained herein does not create, and your review or use of the information does not constitute, a consultant-client relationship.