The True Cost and Causes of a Data Center Breach: Part 1

Jessica Ciesla
July 25, 2018

For the past few years, data breaches have run rampant amongst the news headlines. These breaches are defined as events whereby an individual's personal information, such as their name, Social Security number, financial or medical record, banking credentials, or credit card is put at risk or stolen. Recent studies have revealed that data breaches are either the result of an internal or external malicious attack, system error, or human error. While the causes of data center breaches vary, the result is typically costly for any organization.

Why Do Data Breaches Occur And Who Is Behind These Types Of Attacks?

Malicious attacks are usually the most costly type of data center breach, which is one of the reasons that this type of theft has become popularized over the last few years. In fact, up to 52 percent of data breaches are the result of a malicious or criminal attack. Of these cases, up to 24 percent of incidents were due to the result of human error, typically in the form of employee negligence. Another 24 percent of data breaches were caused by system glitches in the form of an IT malfunction or a business process failure. 

What Factors Contribute To The Overarching Cost Of A Data Breach? 

The cost of a data breach varies depending on the following six factors. Organizations should study the impact of these factors to better understand where resources should be allocated to minimize the negative financial impact of a data breach.

1.    The unplanned loss of customers (churn rate) in the days, weeks, and months following a data breach.
2.    The size of the data breach, as defined by the number of records that were lost, stolen, or held ransom.
3.    The amount of time it takes to first identify and then contain the data breach.
4.    In conjunction with factor number three, the manner with which an IT security team detects and escalates the data breach incident can greatly impact the overall cost.
5.    Immediate post data breach costs; for example, the cost to notify victims.
6.    The root cause of the data breach can greatly impact the cost. For example, a malicious insider or an outside criminal attack is typically far more costly than a data breach that is caused by a system glitch or human error.

What Were The Findings Across North American Industries?

IBM Security and Ponemon Institute recently released the 2017 Cost of Data Breach Study: United States. This study found that the average cost for each lost or stolen record from a data breach had increased to $225. Additionally, the average total cost of a data breach for organizations across industries had increased to $7.35 Million USD. Of the 572 organizations studied, the following findings were released:

1.    Data breach costs have reached a record high. -- The cost per stolen record is at an all-time high with an average cost of $225. This cost is broken down to $146 in indirect costs, such as high churn rates, and $79 in direct costs, such as legal fees or investing in enhanced levels of technologies or IT security. 
2.    The total organizational cost of data breaches are at an all-time high. -- Similarly to the increased cost per record, the overall organizational cost has reached a new high with an average of $7.35 million USD spent per data breach. To put this figure into perspective in 2013 the average organizational cost per data breach was $5.40 Million USD. Prior to that, the highest average organizational cost occurred in 2011 when an average of $7.24 Million USD was spent. Unfortunately, these numbers still pale in comparison with this year's findings.
3.    The cost of the data breach increases when there are more records lost and / or a higher churn rate. -- When organizations lost fewer than 10,000 records, the average total cost of the data breach was $4.5 Million USD. However, when the average number of records lost was more than 50,000 the cost of the data breach increased dramatically to $10.3 Million USD. Similarly, when companies experienced a churn rate of less than one percent, the average total cost of the data breach was $5.3 Million USD. If the churn rate exceeded four percent, then the average total cost of the data breach jumped to $10.1 Million USD. In short, the number of records lost and the churn rate greatly impacted the overarching cost of the data breach.
4.    Some industries are more vulnerable to high churn rates. -- There are certain industries that can expect high churn rates after a data breach. The top industries impacted by abnormally high churn rates post data breach include: financial, health, technology, life science, and service organizations. Conversely, industries that experienced low churn rates included entertainment and the public sector.
5.    Higher data breach costs are inherent to certain industries. -- Heavily regulated industries, such as health care and financial services, have higher data breach costs on average.

For example, the health care sector experiences an average $380 USD cost per record, while the financial industry experiences an average $336 USD cost per record. To put these figures into perspective, remember that the average cost per record is $225 USD with low cost industries, such as the public sector experiencing an average cost of $110 USD per record.

The Bottom Line: Protect Your Vital Business Data

Data center breaches will continue to happen. Through the right IT security solutions and a continuous state of preparedness, organizations can better prevent, respond to, and recover from a data breach. 

Check out Raritan’s Secure Server and IT Infrastructure Management solutions and see how you can protect your business. 
 

###

Sources:

• Ponemon Institute© Research Report "2017 Cost of Data Breach Study"