The average consolidated total cost of a data breach is now $3.8 million, according to IBM’s annual Cost of Data Breach Study conducted by the privacy and data protection consultancy Ponemon Institute.
This represents a 23% increase since 2013.
The study also found that the cost for each lost or stolen record containing sensitive and confidential information rose 6% to $154.
Ponemon’s researchers established a correlation between the time taken to identify a breach and total cost of the breach.
The IBM-Ponemon study focused on interviews with IT, compliance and information security workers representing 350 organizations in the US, UK, Germany, Australia, France, Brazil, Japan, Italy, India, United Arab Emirates, Saudi Arabia and Canada.
But the heaviest price of online attacks is being paid by US businesses, government agencies and ultimately by US citizens.
US – Worst Hit?
While businesses and organizations in all geographies are subject to criminal online attacks, the US remains the epicenter for large attacks (where millions of records are stolen) since it yields the maximum profits for hackers.
Every day brings news of devastating online attacks on US businesses and government agencies suggesting the overall cyberdefense infrastructure remains weak and easily open to attack.
The IBM-Ponemon study found that the US had the highest per-record cost of cyber-breaches, at $217, followed by Germany at $211.
Just yesterday, the IRS reported that records of 100,000 taxpayers were filched by hackers.
A week earlier, health insurance firm CareFirst acknowledged that medical records of 1.1 million current and former subscribers had been stolen. In February, Anthem/BlueCross reported that records of nearly 79 million current and former members had been stolen. And so the depressing hacking news comes week after week.
Medical records of over 100 million Americans have been stolen over the last 18 months following attacks on CareFirst, Anthem/BlueCross and a gaggle of smaller health insurance companies and hospitals.
It’s safe to assume that the medical history of at least half of all Americans is now in the hands of criminal hackers and being actively traded in black markets online.
An earlier Ponemon study reported that criminal attacks on healthcare establishments are up 125% since 2010 and are now the leading cause of data breach.
Criminal hackers have shifted their focus from credit cards to the healthcare sector for two reasons:
1. Individuals’ personal information, credit information and protected health information are accessible in one place, and translate into a higher return when monetized and sold. Personal information like Social Security numbers and medical data also has a longer ‘shelf life’ since it remains valid for longer periods of time.
2. ‘Shelf life’ and value of stolen credit card information is short since users quickly report the theft and change their card numbers.
Not surprisingly, the healthcare industry is also the segment with the highest per-record cost – $363.
The cost of this barrage of attacks on US retailers, health insurance firms and other organizations now runs in the billions of dollars (stemming from lawsuits, damage to brand reputation, hiring of forensic teams, additional investment in IT infrastructure, etc.).
The FBI, which invariably comes into the picture after the attacks, believes most healthcare organizations are still unprepared to address the cyber-threat environment and lack resources and processes to protect patient data.
Among the 12 nations studied in the IBM-Ponemon report, India ranked lowest in the per-record cost, at $56.