Canadian Underwriter
News

Average cost of data breach rose in 2012, most expensive in Germany and U.S.: report


June 6, 2013   by Canadian Underwriter


Print this page Share

Human errors and system problems caused two-thirds of data breaches last year, although those caused by malicious attacks were the most costly, according to global report from the Ponemon Institute.

Data breach

The global average cost for breaches was $136 per record (such as payment transactional information, employee records, citizen, patient and student information), according to the report, which was sponsored by IT security company Symantec Corp.

That’s up from the average of $130 in 2011, according to the report. Last year had an average of 23,647 breached records, according to the report.

“While external attackers and their evolving methods pose a great threat to companies,  the dangers associated with the insider threat can be equally destructive and insidious,” Larry Ponemon, chairman of the Ponemon Institute noted.

“Eight years of research on data breach costs has shown employee behavior to be one of the most pressing issues facing organizations today, up 22% since the first survey,” he added.

The annual global report is based on the actual data breach experiences of 277 companies in nine countries including the United States, United Kingdom, France, Germany, Italy, India, Japan, Australia, and Brazil.

All of the data breach incidents studied in the reports occurred in the 2012 calendar year. In order to properly track trend data, the Ponemon Institute does not include breaches of more than 100,000 compromised records (which can skew results).

System glitches and human errors were responsible for about 64% of the data breaches included in the report. Such errors were especially common in Brazil and India, according to the report.

“Given organizations with strong security postures and incident response plans experienced breach costs 20% less than others, the importance of a well-coordinated, holistic approach is clear,” Anil Chakravarthy, executive vice president of the Information Security Group at Symantec noted.

“Companies must protect their customers’ sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data centre.”

Germany and the United States experienced the highest average costs from breaches, at $199 and $188 per record, respectively, according to Ponemon. Both countries also had the highest total cost, with the U.S. at $5.4 million and Germany at $4.8 million.

The least costly breaches were in Brazil ($58 per record; total cost of $1.3 million) and India ($42 per record; total cost of $1.1 million).

On average, Australian and U.S. companies had the largest number of exposed or compromised records, according to the report, while Japanese and Italian companies had the smallest number of breached records.

In all countries analyzed, malicious or criminal attacks proved most costly. In the U.S., such attacks cost $277 per record, and in Germany, where companies were most likely to experience malicious attacks, they cost $214 per record.

Notably, France and Australia had the highest rate of customer turnover because of data breaches.

Companies in Germany and Australia spent the most on average on assessing and investigating the data breach, at $1.3 million and $1.2 million, respectively.

German companies and U.S. companies also spent the most on notification (including notifying victims their information had been breached). U.S. companies spent an average of $565,020 on notification, while German companies spent $353,927 on average.

Organizational factors, such as appointing a chief information security officer within a company, can decrease the cost of breaches, the report notes.

The full report, and individual country reports, are available for download on Symantec’s website.

Cost of a data breach


Print this page Share

Have your say:

Your email address will not be published. Required fields are marked *

*