The financial impact of data breaches on companies is growing, the latest IBM-sponsored study revealed.
The average cost of a data breach for companies has grown to $4 million, representing a 29 percent increase since 2013.
The study found that cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014.
As these threats become more complex, the cost to companies continues to rise. The study found that companies lose $158 per compromised record.
Breaches in highly regulated industries were even more costly, with healthcare reaching $355 per record – a full $100 more than in 2013.
According to the study, leveraging an incident response team was the single biggest factor associated with reducing the cost of a data breach. Having such a team saved companies nearly $400,000 on average (or $16 per record).
Suggested remedies
The study also outlines how a company should respond to a data breach. A company must:
- Work with IT or outside security experts to quickly identify the source of the breach and stop any further data leakage
- Disclose the breach to the appropriate government/regulatory officials, meeting specific deadlines to avoid potential fines
- Communicate the breach to customers, partners, and stakeholders
- Set up any necessary hotline support and credit monitoring services for affected customers
The study also revealed that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve.
While breaches that were identified in less than 100 days cost companies an average of $3.23 million, breaches that were found after the 100-day mark cost over $1 million more on average ($4.38 million).
The average time to identify a breach in the study was estimated at 201 days, and the average time to contain a breach was estimated at 70 days.
The IBM study found that companies that had predefined Business Continuity Management (BCM) processes in place found and contained breaches more quickly, discovering breaches 52 days earlier and containing them 36 days faster than companies without BCM.