Digital Transactions Authoritative, insightful and timely information for payments professionals
Maybe being number one in something isn’t always all it’s cracked up to be. For instance, the United States leads the world in the per capita cost—$233—of a data breach, finds the “2018 Cost of a Data Breach Study: Global Overview,” released Wednesday.
That figure bests Canada, at $202 per capita, and Germany, $188.
Sponsored by IBM Security, a unit of IBM Corp., and completed by the Ponemon Institute LLC, the study also found that U.S. organizations have the highest total average cost for dealing with data breaches at $7.91 million, much higher than costs in the Middle East, at $5.31 million. Brazil has the lowest total average cost, at $1.24 million.
Of the 17 industry sectors examined, financial-services organizations had a per capita cost of $206 for a data breach. Only health care, at $408, was higher.
Perhaps not surprisingly, as the number of records in a breach increases, so do the costs. Breaches involving less than 10,000 records cost on average $2.1 million, and escalate from there to $5.7 million for those with more than 50,000 records.
As for the root cause of these breaches, in the United States, 52% originate in a malicious or criminal attack. Twenty-three percent are because of a system glitch and 25% are because of human error.
It’s the malicious ones that cost the most to remedy, the study finds. The per capita cost in the United States is $207 for breaches stemming from malice, compared with $166 for those related to system glitches, and $169 for human-error causes.
For the first time, Ponemon looked at the cost of “mega” breaches, those involving more than 1 million records. The Equifax Inc. breach of approximately 145 million Social Security numbers is a mega-breach example.
The total cost of a breach of 1 million records has an average total cost of $39.5 million. Lost business accounts for $15 million of that. The total cost of a breach of 10 million records dramatically increases to $147.7 million. A breach of 50 million records has a total cost of $350.4 million. Exceptions to these findings include the $544 million Target Corp. paid to recover from a 2013 breach of 40 million credit and debit cards and 70 million non-card customer records.
