This document assesses the costs associated with data breaches, highlighting an average global cost of $4 million. It details the factors impacting these costs, such as the type of industry and time to detection, and outlines components of breach costs including detection, notification, and lost business. The document also emphasizes the importance of training IT teams and implementing security measures to significantly reduce the costs of breaches.

1. WHAT DOES A
COST?

2. Assessing the risk of a data breach is
the first step toward preparing your
defensive strategy. Learn what
factors affect the cost of a data
breach and what you can do to
mitigate the damage.

3. of experiencing a data
breach involving
10,000 or more lost or
stolen records.
The average
company
has a
1 4
CHANCE
IN

4. Globally the
average cost of
a data breach is
4MILLION
$

5. The average data breach in
2016 was 29% more costly
than just 3 years previous.
AVG. COST PER RECORD
158$
137$
AVG. COST PER BREACH
mil4$
mil3.1$
AVG. RECORDS COMPROMISED
23,83422,627

6. This cost may be be higher
or lower depending on
where you are.
mil7$
mil5$
mil
AVG. COST PER BREACH (2016) $4million
1.8$
mil1.6$
GERMANY
USA
S. AFRICA
INDIA

7. WHAT MAKES UP
THE COST OF A

8. While mostly dependent
on the number of records
lost, the overall cost of a
breach can be broken
down into 4 main
components.

9. DETECTION &
ESCALATION
OTHER
NOTIFICATION
RESPONSE
LOST
BUSINESS
37%
25%
25%
8%
5%
COST OF
BREACH

10. DETECTION &
ESCALATION COSTS
Forensics, investigation,
assessments and audits,
crisis management and
internal communication.
MILLION
1.01$

11. MILLION
1.02$
RESPONSE
COSTS
Help desk activities,
special investigations,
legal expenses, identity
protection services, etc.

12. MILLION
1.51$
LOST BUSINESS
COSTS
Abnormal customer churn and
increased customer acquisition
activities in the face of reputation
loss and damaged goodwill.

13. THOUSAND
165$
NOTIFICATION
COSTS
Creating contact databases, compliance
with regulatory requirements, and the
cost of postal and electronic
communication systems.

14. 2 FACTORS
IMPACT THE COST
PER RECORD OF A
DATA BREACH:
TYPE OF
INDUSTRY
TIME TO
DETECTION &
CONTAINTMENT

15. HEALTHCARE
EDUCATION
RETAIL
COMMUNICATIONS
ENERGY
TECHNOLOGY
TRANSPORTATION
PUBLIC
355$
246$
172$
164$
148$
145$
129$
80$
COST PER RECORD
BY INDUSTRY

16. 3.18MILLION
30
DAYS
$ 4.35MILLION
30
DAYS
$
TOTAL AVERAGE COST
BASED ON TIME TO CONTAIN

17. HOW TO MITIGATE
THE COST OF A

18. IT Teams can make significant
impact in lowering the cost of
security breaches by improving
their ability to prevent, detect,
and respond.

19. THE MOST
SIGNIFICANT
FACTORS THAT
REDUCE THE COST
OF SECURITY
BREACHES:
ENCRYPTION
INCIDENT
RESPONSE PLANS
DATA LOSS
PREVENTION CONTROLS
TRAINING & AWARENESS

20. PER CAPITA COST
REDUCTION BY
FACTOR
8$
13$
16$
9$
DATALOSS
PREVENTION
ENCRYPTION
INCIDENTRESPONSEPLANS
TRAINING&
AWARENESS

21. TRAINING AND CERTIFICATION
ALLOW IT TEAMS TO REDUCE COSTS
BY QUICKLY DETECTING AND
ADDRESSING SECURITY BREACHES.

22. Certified IT staff evaluate and
respond rapidly to security
attacks 26% more often.

23. NOT ALL
BREACHES ARE
THE RESULT OF

24. MORE THAN HALF
OF ALL BREACHES
ARE THE RESULT
OF HUMAN OR
SYSTEM

25. TRAINING REDUCES THE
LIKELIHOOD OF HUMAN
ERROR, AND PREVENTS
MALICIOUS ATTACKS.

26. AN INVESTMENT IN
TRAINING CAN PREVENT THE
SIGNIFICANT EXPENDITURES
ASSOCIATED WITH DATA
LOSS OR THEFT.

27. Network resources managed by
certified staff are in compliance
with industry security policies for
access control 10% more often.

28. Well-trained information
security teams were on average
10% more productive than their
peers, and account for an
average gain of $70,000 in
annual improvements.

29. Prepare your team to prevent
security issues, starting with these
CBT Nuggets training courses.

30. CompTIA Security+
Cisco CCNP Security
Certified Information Systems
Security Professional
with trainer
Keith Barker
Identify risk, provide infrastructure, application
information, and operational security.
Integrate an IPS, firewall components, and
cloud/email security solutions.
Learn security strategies and solutions for
industries from banking and financial to
government and public utilities, as well as
high-tech and hospitality.