By Autumn Field
Equifax, the most infamous data breach in recent history, impacted Americans across the country as hackers exploited a flaw in the Equifax online credit dispute system and stole clients’ personal information. A data breach occurs when a company leaks sensitive information about a group, individual, or system. Hackers, system glitches, or human error can cause these leaks which, ultimately, can result in the malicious use of personal information and identity theft. Before entrusting personal information to companies, it is important for consumers to understand what a data breach costs and entails as well as the safe guards, protocols, and procedure in place within each organization to ensure that data is kept safe.
A recently released study revealed that, on average, the total cost of a data breach last year was about $3.86 million. The cost of a breach has gone up by approximately 6.4 percent since last year. Each stolen record is worth roughly $148—a $7 increase from the $141 average in 2017. This recent report found that breaches are the most costly in the Middle East and the United States, averaging $5.31 million and $7.91 million respectively.
To resolve a data breach, companies must pay for technical investigations as well as regulatory filings, but there are also other hidden costs associated with a breach. Companies lose business, suffer a blow to their reputation, and then must spend additional time and resources attempting to recover the information that was lost. The United States paid the most in data breach response measures this year, costing about $1.76 million in total, with the highest recorded amount of indirect costs—approximately $152 per capita. However, the price is not the only growing concern for companies surrounding data breaches—the breaches themselves have gotten larger in both size and scope.
The typical size of a data breach, according to this study, has grown by 2.2 percent from last year. The research also reflected that the likelihood of another material breach during the span of the next two years was 27.9 percent, an increase since last year. Among the companies that were included in the sample, the mean breach identification time was 197 days, while the mean containment time was about 69 days. This means that consumer data was leaked, on average, for about 197 days before the leak was identified. The data showed that malicious attacks were typically more difficult to identify and contain as opposed to breaches caused by human error.
The study determined that criminal or malicious attacks caused 48 percent of all breaches reported. These attacks cost approximately $157 per record lost in comparison with the $131 loss associated with system glitches and errors. Businesses which were able to identify a breach in less than 100 days were able to save over $1 million more than their counterparts who recognized the attack later. The later the attack is recognized, the more data hackers can access. Additionally, companies with a 30-day containment capability were able to save more than $1 million in comparison to those businesses that took more than 30 days to resolve their breach. Therefore, consumers should research the company’s breach identification and containment history to verify that the security in place will keep their data safe.
Companies which maintain an incident response team were also able to save up to $14 per record, bringing the average record cost (adjusted for a response team) down from $148 to $134. The use of encryption also helped to reduce the cost per record lost, saving companies that use encryption about $13 and bringing the average record cost down from $148 to $135. Consumers can research online or call companies to determine whether or not they encrypt data or use an incident response team as additional data safety measures.
Although companies are learning more about data breaches and have developed some methods to protect themselves, it is important that consumers research the protocols and fail-safes that companies incorporate into their security, such as an incidence response team, before giving their information.
Image from Pexels.com