On average, organisations have a 27.7% chance of suffering a material data breach in the next two years, according to Ponemon Institute’s 2017 Cost of Data Breach Study.
A material data breach involves at least 1,000 lost or stolen records containing customers’ personal information.
Cost of a data breach
Although material data breaches are reportedly more likely than a year ago, the average cost of a breach has decreased from $4 million (about £3.13 million) last year to $3.62 million (about £2.83 million). The average cost of each lost or stolen record containing sensitive and confidential information decreased from $158 (about £123.52) last year to $141 (about £110).
Approximately 48% of this decline (about $8 or £6.25) is due to the strength of the US dollar in the past year, Ponemon Institute claims.
These figures don’t necessarily mean that organisations are getting better at protecting data. In fact, they indicate that approximately 350 more records were lost or stolen per breach this year compared to 2016.
For the third year in a row, the study found a relationship between the speed at which an organisation identifies and contains a data breach and how much they cost. The average time to identify a breach was 191 days (with a range of 24 to 546 days) and the average time to contain a breach was 66 days (with a range of 10 to 164 days).
Some countries are more vulnerable
Ponemon Institute reports that organisations in certain countries are more likely to suffer a data breach. Over the past four years, South Africa and India have had the highest estimated probability of a data breach, followed by Australia, the Association of Southeast Asian Nations and the UK.
Germany and Canada currently have the lowest likelihood of a breach.
How resilient is your organisation?
Even the most secure organisations can suffer data breaches. Attacks are frequent enough that organisations need to accept that one will eventually be successful. That’s why an organisation’s resilience to these attacks – identifying and responding to security breaches – is critical, and why they need to adopt a cyber resilience strategy.
Combining cyber security and business, this strategy helps you implement:
- Effective cyber security without compromising the usability of your systems; and
- A robust business continuity plan that covers your information assets so that you can resume normal operations as soon as possible after a successful attack.