View on-demand webinar: https://securityintelligence.com/events/2016-ponemon-cost-data-breach/
Please join IBM and Larry Ponemon, Chairman and President of the Ponemon Institute, as he shares the results of his 2016 Cost of a Data Breach study and discusses the implications of the study for today’s businesses with Adam Trunkey, Portfolio Marketing Executive, for IBM Security Services.
In this on-demand webinar, you will learn the key findings of the study, including:
- What are the major cost implications from a security incident perspective in key geographies across the globe
- Key industries affected and what were the specific costs reported by respondents
- Major factors that affect the financial consequences of a data breach
- What mega trends are developing based on a decade of studying data breaches?
What's New in Teams Calling, Meetings and Devices March 2024
The 2016 Ponemon Cost of a Data Breach Study
1. Key findings from the
2016 Cost of Data Breach Study:
Global Analysis
BENCHMARK RESEARCH SPONSORED BY IBM
INDEPENDENTLY CONDUCTED BY
PONEMON INSTITUTE
JUNE 2016
2. 2 IBM Security
Introducing our speakers
Adam Trunkey,
Portfolio Marketing
Security Services,
IBM Security
atrunkey@us.ibm.com
Larry Ponemon
Chairman and Principal
The Ponemon Institute
Larry@ponemon.org
3. 3 IBM Security
The 2016 Cost of Data Breach Study covered 383 companies in 12
countries and 16 industries
CountriesIndustries
Hospitality, 2%
Media, 2%
Health, 2%
Life science, 2%
Transportation, 4%
Communications, 4%
Energy, 5%
Consumer, 7%
Public, 8%
Retail, 9%
Financial, 14%
Industrial, 14%
Services, 12%
Technology, 12%
Research, 1%
Education, 1%
South Africa
5%
Italy 6%
Canada 6%
Arabian
Cluster 6%
Australia 7%
Japan 7%
France 8%
Germany 9%
Brazil, 8%
India, 10%
United
Kingdom,
11%
United States,
17%
4. 4 IBM Security
Understanding these will help you understand the report findings
A mega-breach of more than 100,000 records is not considered typical. The cost data in this study
cannot be used to calculate the financial impact of a mega-breach over 100,000 records.
Data breach
An event in which an individual’s name plus a
medical record or financial record or debit card is
potentially at risk
Data record
Information that identifies the natural person
(individual) whose information has been lost or
stolen in a data breach
Incident
For this study, a data breach involving between
approximately 3,000 to 100,000 compromised
records
Participants
Organizations that experienced a data breach
within the target size range
Benchmark research
The unit of analysis is the organization; in a
survey, the unit of analysis is the individual
5. 5 IBM Security
Key finding: the cost of a data breach continues to rise
Global average Global average
$158 15%since
2013
$4M 29%since
2013
Highest countries Lowest countries Highest countries Lowest countries
$221
$213
UNITED STATES
GERMANY
$100
$61
BRAZIL
INDIA
Cost per record Cost per incident
$7M
$5M
UNITED STATES
GERMANY
$1.8M
$1.6M
SOUTH AFRICA
INDIA
Currencies converted to US dollars
6. 6 IBM Security
Growth in four areas contributed to the increase in data breach cost
5.4%
3.2%
2.9%
2.9%
Average total cost
Average size
Abnormal churn
Per record cost
Abnormal customer
churn—customers
lost following a data
breach—translates
into lost business
Percent of increase over 2015
Currencies converted to US dollars
7. 7 IBM Security
The largest component of the total cost of a data breach is lost business
Detection and escalation
$1.09 million
Notification
$0.18 million
Lost business cost
$1.63 million
Ex-post response
$1.10 million
Components of the $4 million cost per data breach
$4
million
Forensics, root cause
determination, organizing
incident response team,
identifying victims
Disclosure of data breach to
victims and regulators
Help desk, inbound communications,
special investigations, remediation, legal
expenditures, product discounts, identity
protection service, regulatory interventions
Abnormal turnover of
customers, increased
customer acquisition cost,
reputation losses,
diminished goodwill
Currencies converted to US dollars
8. 8 IBM Security
The per-record cost of a data breach varies widely by industry
$80
$112
$129
$131
$133
$139
$145
$148
$156
$164
$172
$195
$208
$221
$246
$355
Public
Research
Transportation
Media
Consumer
Hospitality
Technology
Energy
Industrial
Communications
Retail
Life science
Services
Financial
Education
Healthcare
Healthcare and
finance experienced
larger costs
Average cost per record breached Currencies converted to US dollars
9. 9 IBM Security
Time to identify and time to contain a data breach also affect cost
$3.18
$4.35
MTTC < 30 days MTTC ≥ 30 days
$3.23
$4.38
MTTI < 100 days MTTI ≥ 100 days
Mean time to identify (MTTI) Mean time to contain (MTTC)
(The time it takes to detect that an incident
has occurred)
(The time it takes to resolve a situation and
ultimately restore service)
Total cost, in millions Total cost, in millions
Currencies converted to US dollars
10. 10 IBM Security
Hackers and criminal insiders cause the most data breaches
Malicious or
criminal attack
48%
Human error
25%
System glitch
27%
$133per record to resolve
$170per record to resolve
$138per record to resolve
Currencies converted to US dollars
11. 11 IBM Security
The incidence of malicious attack varies considerably by country
60%
54%
52%
52%
51%
50%
50%
46%
46%
41%
39%
37%
24%
21%
26%
30%
24%
27%
23%
27%
25%
35%
30%
26%
16%
25%
22%
18%
24%
23%
27%
27%
29%
24%
30%
37%
Arabian Cluster
Canada
Japan
Germany
United Kingdom
United States
France
Australia
Italy
India
Brazil
South Africa
Malicious or criminal attack System glitch Human error
12. 12 IBM Security
Organizations in certain countries are more likely to experience a data
breach of 10,000 or more records over a two-year period
15%
16%
17%
22%
23%
24%
24%
31%
31%
32%
33%
40%
Germany
Australia
Canada
Italy
United Kingdom
Japan
United States
Arabian Cluster
India
France
South Africa
Brazil
Average likelihood
of experiencing a
breach of 10,000 or
more records over a
two-year period
26%
Probability that an organization will experience
a data breach over two-year period
13. 13 IBM Security
Key factors that you can apply to help reduce the cost of a data breach
$7.00
$8.00
$9.00
$9.00
$9.00
$13.00
$16.00
CISO appointed
Extensive data leak protection
Business Continuity Management
involvement
Participation in threat sharing
Employee training
Extensive use of encryption
Incident response team
All cost savings
have increased over
the last year
Amount by which the cost-per-record was lowered
Currencies converted to US dollars
14. 14 IBM Security
Seven global megatrends have emerged from 11 years of cost of data
breach research studying 2,013 organizations
1
This is a permanent cost that
organizations must be ready to deal
with
Lost business is the biggest financial
consequence of a data breach
Criminal and malicious attacks are the
most common, costly and difficult to
address causes
Cost is directly related to the time it
takes to detect and contain a breach
5
Regulated industries such as
healthcare and financial services have
the most costly breaches
Improvements in data governance
programs will reduce the cost of a
data breach
Data loss prevention technologies
are important for preventing data
breaches
2
3
4
6
7
15. 15 IBM Security
Read the full report to learn more
Visit ibm.com/security/data-breach
and register to receive the global
study or a country-specific study
Visit ibm.com/security/services
to learn how IBM Security Services
can help protect your organization
Visit www.ponemon.org
to learn more about Ponemon
Institute research programs
19. 19 IBM Security
Total cost of data breach over four years
$3.02
$3.52
$3.79
$4.00
2013 2014 2015 2016
Total average cost ($millions)
Currencies converted to US dollars
20. 20 IBM Security
2016 total cost of data breach, by country
$1.60
$1.87
$1.92
$2.44
$3.26
$3.30
$3.95
$4.61
$4.72
$4.98
$5.01
$7.01
India
South Africa
Brazil
Australia
Italy
Japan
United Kingdom
Arabian Cluster
France
Canada
Germany
United States
Currencies converted to US dollars
Total average cost per country ($millions)
21. 21 IBM Security
Per-record cost of a data breach since 2013
$136
$145
$154
$158
2013 2014 2015 2016
Average cost per record
Currencies converted to US dollars
22. 22 IBM Security
2016 per-record cost of a data breach
$61
$100
$101
$131
$122
$142
$156
$159
$196
$211
$213
$221
India
Brazil
South Africa
Australia
Arabian Cluster
Japan
Italy
United Kingdom
France
Canada
Germany
United States
Average cost per record, per country