Jun. 16, 2016

Study: Health Care Data Breaches Are Costly

The results of a global study analyzing the financial impact of data breaches on a company’s bottom line have been released. Sponsored by IBM and conducted by the Ponemon Institute, the 2016 Cost of Data Breach Study: Global Analysis found that the average cost of a data breach for companies surveyed has grown to $4 million, representing a 29 percent increase since 2013.

Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014, according to the study. As these threats become more complex, the cost to companies continues to rise.

Data breaches cost the most in the United States and Germany, and the study found that companies lose $158 per compromised record. Breaches in highly regulated industries were more costly, with health care reaching $355 per record.

Global megatrends

Drawing on many years of studying the data breach experience of 2,013 organizations in every industry, the research reveals the following:

  • Since first conducting this research, the cost of a data breach has not fluctuated significantly. This suggests that it is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.
  • The biggest financial consequence to organizations that experienced a data breach is lost business. Following a data breach, organizations need to take steps to retain customers’ trust to reduce the long-term financial impact.
  • Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record.
  • Organizations recognize that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. Over the years, detection and escalation costs reported in this research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain.
  • Regulated industries, such as health care and financial services, have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
  • Improvements in data governance programs will reduce the cost of a data breach. Incident response plans, appointment of a CISO, employee training and awareness programs and a business continuity management strategy continue to result in cost savings.
  • Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year’s study revealed a reduction in the cost when companies participated in threat sharing and deployed data loss prevention technologies.

The full report can be accessed at: http://www-03.ibm.com/security/data-breach/index.html