The recently released 2014 Cost of Data Breach Study by the Ponemon Institute has revealed some rather disturbing statistics. While it’s no surprise that the average cost of a data breach is in the millions, it is surprising that this year’s statistic is a 15% increase on last year’s.
The study involved 314 companies spread across ten different countries, including both the UK and the USA.
Criminal attacks are the most costly
The findings in the study demonstrate that malicious or criminal attacks are the most costly data breach incidents in all ten of the participating countries. With the exception of India, malicious and criminal attacks are also the most common cause of a data breach. The study goes on to say:
“In this year’s study, we asked companies represented in this research what worries them most about security incidents, what investments they are making and the existence of a security strategy.
“According to the findings, the ideal amount to invest over the next 12 months to execute their organization’s security strategy averages $14 million. However, in the next 12-month period, companies anticipate having an average of about half that amount, or $7 million.”
How much to invest in cyber security?
Organisations surveyed by the Ponemon Institute are aware of the threats and the funds they need to invest to protect themselves, but they’re only investing half the amount needed. While allocating financial resources to tackle cyber security is a challenge for many companies, an even bigger challenge is identifying the areas that require investment to yield results. These include the three domains of cyber security: people, process and technology. A Cyber Health Check, for example, can help identify an organisation’s current risk exposure and create a prioritised, cost-effective action plan for managing those risks.