Now in its 14th year, the Annual Cost of a Data Breach report covers breaches that took place in the year leading up to April 2019. In the months following, we have seen three massive regulatory fines imposed for breaching new data privacy regulations.
The 2019 Cost of a Data Breach Report isn’t exactly full of good news. The headline figures show the average cost of a breach has risen to $3.92million (US). The average number of records compromised in a breach sits at over 25,000 and the average time taken to identify and contain a breach has risen to 279 days.
IBM and the Ponemon Institute use four process-related expenses to calculate the cost of a breach:
- Detection and escalation
- Notification costs
- Post breach response costs
- Lost business costs
Amongst the post-breach response costs are regulatory fines. We can confidently predict that the average cost per breach will rise significantly next year, thanks to three eye-watering penalties handed out to British Airways, Marriott Hotels and Equifax in recent weeks.
Breach costs continue to rise
The UK’s Information Commissioner’s Office (ICO) imposed a $223million on British Airways after 500,000 customers’ details were stolen following a website hack in 2018. The ICO also served Marriott Hotels with a $123million fine following a data breach suffered by subsidiary company Starwood Properties. On this occasion, the breach took place in 2014 but wasn’t discovered until November 2018. In the interim, the records of 383 million guests were compromised.
In the US, credit bureau Equifax agreed to settle a number of enforcement actions with all US states, the Federal Trade Commission and the Consumer Financial Protection Bureau. The total costs to Equifax will be at least $585million and could rise as high as $700million.
According to the article in Wired, investigators described the pay-out as “an important wake-up call for all US corporations – especially since Equifax will also be required to make hundreds of millions of dollars-worth of cyber security improvements on top of the fines”.
What impacts the cost of breach?
The report explores a total of 26 factors that can have an influence on the overall cost of a data breach. Some result in an increase in costs, some can help mitigate costs. Many of the factors that contribute to a higher than average cost are associated with complex IT infrastructure. Extensive use of IoT devices, mobile working and cloud adoption appear pose additional risks. The trouble is, most of the world is moving in this direction; so, what can be done to offset this risk?
If you ignore the requirement for an incident response team, the report concludes the single biggest contributing factor to a lower than average breach cost is the extensive use of encryption. The big fines we are seeing imposed under new legislation like the GDPR are for “qualifying” breaches. If your data is protected with suitably effective encryption security, it does not qualify as a breach.
Senetas is a global leader in the development of end-to-end encryption security solutions. Our products secure all types of networks and protect network and shared data for commercial, industrial, government and defence organisations.
Senetas solutions are single-purpose security products; thanks to their security, performance and low total cost of ownership, our solutions are used to protect sensitive data in more than 35 countries.
Further reading:
Marriot to face $123million fine by UK authorities
British Airways faces record £183million fine for data breach