Data Breach: the 2019 Global Overview
The costs of data breaches are increasing daily. They also come in many forms – system glitches, hackers, even malicious insiders. For those who want to know all the key facts and figures...he Ponemon Institute has put together an invaluable study highlighting the trends and factors surrounding data breaches in 2019. What does it all mean for you and your clients? A taster of the 2019 Cost of a Data Breach Report The analysis is based on in depth interviews with more than 500 companies around the world who experienced a data breach between July 2018 and April 2019.... r of the 2019 Cost of a Data Breach Report The analysis is based on in depth interviews with more than 500 companies around the world who experienced a data breach between July 2018 and April 2019. The research study takes into account hundreds of cost factors, from legal, regulatory and technical activities, to loss of brand equity, customer turnover, and the drain on employee productivity. As this is the 14th year of the Cost of a Data Breach Report, it also includes historical data showing trends for a range of metrics over a period of several years. The research continues to evolve Taking into account the changing nature of information technology, data regulation, security tools and processes, and the most up to date cyber attack news, this year’s report explores several new avenues for understanding the causes and consequences of data breaches. It details, for example, the ‘long tail’ or long-term costs of a data breach. It also examines the organisational characteristics that can alleviate the costs of a data breach. This includes substantial security environments, as well as extensive testing of incident response plans. The process of closely coordinating development, security and IT Operations functions (DevSecOps) can also diminish potential costs. The report also builds on previous research. It explores trends in the causes of data breaches, together with figures highlighting the length of time to identity and contain breaches (the breach lifecycle).For the second year, too, it details the cost impacts of security automation, and the state of automaton within different industries and regions. There’s also an update on last year’s initial examination of mega breaches involving more than I million lost or stolen records. Above all, this report proves that the consequences of data breaches are increasingly severe. However, perhaps most usefully of all, the study points to ways organisations can mitigate costs and potentially improve their overall security posture. Data protection breach examples Out of 26 factors contributing to the cost of a data breach, the five worst were third-party involvement, compliance failures, extensive cloud migration, system complexity, and operational technology (OT). For example: If a third party caused the data breach, the cost increased by more than $370,000, for an adjusted average total cost of $4.29 million. Organisations undergoing a major cloud migration at the time of the breach saw a cost increase of $300,000, for an adjusted average cost of $4.22 million. System complexity increased the cost of a breach by $290,000, for an average cost of $4.21 million. Cutting the costs of a data breach and cyber threats Encryption, business continuity management, DevSecOps, and threat intelligence sharing all helped reduce the costs of a data breach. Among the 26 cost factors studied, these were the chief cost mitigators that either helped either in the aftermath of or by actively preventing a breach. Among these, encryption had the greatest impact. It reduced breach costs by an average of $360,000. Business continuity management in the aftermath of a breach reduced the total cost of a data breach by an average of $280,000. Similarly, organisations who’d deployed automated security solutions, reducing the need for direct human intervention, saw significantly lower costs after experiencing a data breach. These solutions included the use of security utilising artificial intelligence, machine learning, analytics, and automated incident response orchestration. The changing costs of a data breach Organisations who’d failed to deploy security automation experienced data breach costs that were 95% higher than breaches at organisations with fully deployed automation. In figures, that’s’ $5.16 million average total cost of a data breach without automation vs. $2.65 million for fully deployed automation. Data breach costs at organisations without deployed automation were far costlier in 2019 than in 2018. They’ve risen from an average $4.43 million in 2018 to $5.16 million in 2019, an increase of more than 16%. On the other hand, data breaches at organisations with fully deployed automation decreased in cost by 8% from 2018 to 2019. In these cases, the cost of a data breach dropped from an average of $2.88 million in 2018 to $2.65 million in 2019. Year on increases in the likelihood of suffering a cyber attack The percentage chance of experiencing a data breach within two years was 29.6% in 2019, an increase from 27.9% in 2018. Malicious cyber attacks have also continued to increase. The share of breaches caused by recent cyber attacks has grown by 21% since the 2014 study. The hidden costs of a data breach For five years, the highest cost component of a data breach has been lost business. Although this was followed by the costs of detection and escalation, the financial consequences of losing customers were the most severe. Certain countries were also more vulnerable to customer turnover than others. France, Italy and Japan experienced the highest abnormal customer turnover rates, whereas Scandinavia, Turkey and Canada suffered the lowest. Customer turnover rate also differed amongst the industries. Healthcare, financial services, and pharmaceuticals had particular difficulty retaining customers following a data breach, all experiencing much higher rates than the average 3.9%. In contrast, public sector, media and transportation organisations experienced a relatively low customer turnover. The most vulnerable companies were obviously those in industries where customers could easily take their business to a competitor. Cost of a Data Breach Report 2019 Going by the experiences of organisations involved in this research, the probability of a company suffering a further data breach can be based on two factors: how many records were lost or stolen, and the country or regional location of the breach incident. So, what’s the probability that you or your clients might suffer a data breech? Find out the key findings by downloading your copy of the report today!