Data Breaches Cost $4 Million Per Incident

June 27, 2016
Medicare Web

The average data breach costs an organization nearly $4 million per incident, according to a study sponsored by IBM and conducted by the Ponemon Institute. Costs run above that average for organizations in highly regulated industries such as healthcare.

The healthcare industry saw the cost of a data breach rise to $355 per breached record, an increase of $100 since 2013, the study found.

The number of cyberattacks has increased over recent years, and the methods hackers deploy to gain unauthorized access to organizations’ data have become increasingly sophisticated. Both of these factors may contribute to the sharp increase in the cost of cleaning up after a breach.

However, the study found that a lack of a thorough incident response plan and a slow response resulted in greater expenses to an organization. Breaches identified within 100 days of the incident cost an average of $3.23 million, while breaches identified more than 100 days after the incident cost $4.38 million on average.

Incident response teams help organizations identify and contain breaches more quickly and lower the overall cost of a breach, according to the study. A pre-defined incident response plan was found to streamline the process and reduce the amount of time staff took away from their regular duties to assist with response efforts. A poor or non-existent incident response plan would directly raise the cost of a data breach to a healthcare provider; as covered entities under HIPAA, providers are required to have an incident response plan and can face corrective actions if they do not have one.