August 30, 2018
Data breaches are nothing new. Unfortunately, they are unwanted events that wreak havoc on North American organizations across industries. As discussed in Part 1 of our series, these breaches constitute a theft of an individual's personal or confidential information, including name, Social Security number, financial data, medical record, or credit card information. While the cost of data breaches can vary, one thing is certain: some industries are at a higher peril than others.
What Is The Cost Of Data Breaches?
IBM Security and Ponemon Institute recently released the 2017 Cost of Data Breach Study: United States. Within this report, it was discovered that the average cost per lost or stolen record that contained vital business data, sensitive personal records, or confidential information had jumped from $221 USD to $225 USD. The cost per record is broken down into $146 USD for indirect costs, including but not limited to a high churn rate post data breach. The direct costs, including the monies needed to resolve the data breach, are $79 USD per record.
The increase in the cost per record subsequently resulted in an increase of the total organizational cost from $7.01 Million USD to $7.35 Million USD. The latter figure represents an all time high over the previous 2011 average of $7.24 Million USD. This increase occurred across industries; however, further scrutiny of the data reveals that certain industries are not only at a substantially higher risk for theft, but also suffer from higher overarching data breach costs.
How Were North American Industries Impacted By Data Breaches?
While organizations across industries suffered from an increase in the data breach costs, there are certain sectors that experienced substantial increases. Of the 572 organizations studied over the past years, the data reveals similar patterns year-over-year. These patterns show that heavily regulated industries often suffer the highest per capita data breach costs. These industries include: health care, financial, industrial, services, and life science. As seen below, all of the aforementioned industries have a higher cost per record than the average $225 USD.
• Health -- $380 USD per record.
• Financial -- $336 USD per record.
• Services -- $274 USD per record.
• Life Science -- $264 USD per record.
• Industrial -- $259 USD per record.
In contrast to the above industries, there are certain sectors that have below average per capita costs. These North American industries include the public sector (i.e. government entities), research, and entertainment companies. The reasons for the discrepancy in industry findings lies in a) the type of information stolen, b) the regulations governing post data breach actions whereby tightly regulated industries have inherently higher costs, and c) the churn rates associated with industries post data breach.
Industries with a higher churn rate post data breach experienced a dramatic increase in total costs. These abnormally high churn rates were once again associated with tightly regulated industries. However, when compared to the aforementioned per record cost, it is important to note that the industries appear in a different order with the financial sector overtaking the top spot from health care.
• Financial -- 7.1 percent churn rate.
• Life Science -- 5.7 percent churn rate.
• Health -- 5.5 percent churn rate.
• Technology -- 5.1 percent churn rate.
• Services -- 4.7 percent churn rate.
From these two data sets, the conclusion can be made that not only will tightly regulated industries experience higher than average data breach costs, but those industries with high churn rates will also spend additional funds on data breaches. The reason for this increase in costs could be due to the type of information that is stolen during a data breach. For example, customers are more likely to lose faith and subsequently abandon financial institutions who fail to protect their sensitive financial (and personal) data from theft. Additionally, records containing sensitive or confidential information, such as financial or medical records, fetch a higher price on the black market, which could be another reason that organizations within these industries suffer from higher than average data breach costs. Regardless, one thing that is certain is that industries with the highest churn rates must focus on preserving their reputation and reemphasizing customer retention if they want to greatly reduce the costs associated with a data breach.
The Bottom Line: Protect Your Valuable Data Assets
Reducing the negative brand and financial impact of a data breach is greatly improved with the right response. This response can and should include enhancing IT security to protect customer and business assets. However, before a data breach even occurs, organizations across industries should take the steps needed to secure their valuable data assets. These steps include implementing a disaster recovery plan, completing security updates, and working with a team of experts to stay abreast of possible threats. Through these actions and state of constant preparedness, North American organizations can prevent, respond to, and reduce the impact of a data breach.
Check out Raritan's High Performance Remote Management Solutions and see how you can protect your business.