May 28, 2015 by Canadian Underwriter
The average consolidated total cost of a data breach in Canada was $5.32 million, according to the first Canadian study of its kind from the Ponemon Institute in Traverse City, MI.
Released on Wednesday, the inaugural 2015 Cost of Data Breach Study: Canada found that the average cost per lost or stolen record was $250 and 52% of data breaches involved malicious or criminal attacks. The study examined the costs incurred by 21 Canadian companies from 11 different industry sectors “following the loss or theft of protected personal data and the notification of breach victims as required by various laws.”
The average cost per compromised record was $250, with the highest component pertaining to detection and escalation costs at $91, followed by lost business ($84) and ex-post response ($67), the study found. For the average total organizational cost of the data breach at $5.32 million, the largest cost component was lost business at $1.99 million on average, followed by detection and escalation ($1.68 million) and ex-post response ($1.53 million).
Certain industries also had higher data breach costs, with the financial, services, technology and energy sectors having a “per capita data breach cost substantially above the overall mean of $250,” the study reported.
Not surprisingly, the more records that were lost, the higher the cost of the data breach. “In this year’s study, the cost ranged from $2.15 million for data breaches involving 10,000 or fewer to $9.52 million for the loss or theft of more than 50,000 records.”
As for factors that reduced the cost of a data breach, incident response teams and plans, extensive use of encryption, employee training programs, board-level involvement, CISO appointments, business continuity management and insurance protection decreased the per capita cost, the study said.
The Ponemon Institute said that the following all “appear to reduce data breach costs for Canadian companies:” an incident response plan in place, extensive use of encryption, employee training, board-level involvement, the appointment of a CISO with enterprise-wide responsibility, involvement of business continuity management in the remediation of the breach and insurance protection.
The report was part of the institute’s annual Cost of Data Breach Study: Global Analysis, which studied 350 companies spanning 11 countries. The first Cost of Data Breach study was conducted 10 years ago in the U.S. and now includes the United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (a consolidation of organizations in the United Arab Emirates and Saudi Arabia) and for the first time, Canada.
The global study found that the average consolidated total cost of a data breach was $US3.8 million, representing a 23% increase since 2013.
“Based on our field research, we identified three major reasons why the cost keeps climbing,” Dr. Larry Ponemon, chairman and founder of Ponemon Institute, said in a statement. “First, cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents. Second, the financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost. Third, more companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management.”