CAMBRIDGE, MA - 20 Jun 2017: IBM Security (NYSE:
IBM ) today announced the results of a global study
exploring the implications and effects of data breaches
on today’s businesses. Sponsored by IBM Security and
conducted by Ponemon Institute, the study found that
the average cost of a data breach is $3.62 million
globally [1], a 10 percent decline from 2016 results. This
is the first time since the global study was created that
there has been an overall decrease in the cost.
According to the study, these data breaches cost
companies $141 per lost or stolen record on average.
IBM Security Data Breach Calculator lets you estimate
the cost of a data breach across locations and
industries, and understand how different factors affect
breach costs. Visit: https://
databreachcalculator.mybluemix.net/
Analyzing the 11 countries and two regions surveyed in
the report, IBM Security identified a close correlation
between the response to regulatory requirements in
Europe and the overall cost of a data breach. European
countries saw 26 percent decrease in the total cost of a
data breach over last year’s study. Businesses in Europe
operate in a more centralized regulatory environment,
while businesses in the United States (U.S.) have unique
requirements, with 48 of 50 states having their own data
breach laws. Responding to a multitude of regulatory
requirements and reporting to potentially millions of
consumers can be an extremely costly and resource
intensive task.
According to the 2017 Cost of Data Breach Study: Global
Overview , “compliance failures” and “rushing to notify”
were among the top five reasons the cost of a breach
rose in the U.S. A comparison of these factors suggests
that regulatory activities in the U.S. could cost
businesses more per record when compared to Europe.
For example, compliance failures cost U.S. businesses
48 percent more than European companies, while
rushing to notify cost U.S. businesses 50 percent more
than European companies. Additionally, U.S. companies
reported paying over $690,000 on average for notification
costs related to a breach - which is more than double
the amount of any other country surveyed in the report.
“New regulatory requirements like GDPR in Europe pose
a challenge and an opportunity for businesses seeking
to better manage their response to data breaches,” said
Wendi Whitmore, Global Lead, IBM X-Force Incident
Response & Intelligence Services (IRIS). “Quickly
identifying what has happened, what the attacker has
access to, and how to contain and remove their access
is more important than ever. With that in mind, having a
comprehensive incident response plan in place is
critical, so when an organization experiences an
incident, they can respond quickly and effectively.”
The Cost of a Data Breach Not Down Everywhere
In the 2017 global study, the overall cost of a data
breach decreased to $3.62 million – down 10 percent
from $4 million last year. However, many regions
experienced an increased cost of a data breach – for
example, the cost of a data breach in the U.S. was $7.35
million, a five percent increase compared to last year.
However, the U.S. wasn’t the only country to experience
increased costs in 2017.
Non-European Countries Experienced Increased Costs:
Organizations in the Middle East, Japan, South Africa,
and India all experienced increased costs in 2017
compared to the four-year average costs.
European Countries Experienced Most Significant
Decrease in Costs: Germany, France, Italy and the U.K.
experienced significant decreases compared to the four-
year average costs. Australia, Canada and Brazil also
experienced decreased costs compared to the four-year
average cost of a data breach.
When compared to other regions, U.S. organizations
experienced the most expensive data breaches in the
2017 report.
In the Middle East, organizations saw the second
highest average cost of a data breach at $4.94 million –
more than 10 percent increase over the previous year
Canada was the third most expensive country for data
breaches, costing organizations an average of $4.31
million.
In Brazil data breaches were the least expensive overall,
costing companies only $1.52 million.
Time Is Money: Containing Data Breaches
For the third year in a row, the study found that having
an Incident Response (IR) team in place significantly
reduced the cost of a data breach, saving more than $19
per lost or stolen recorf. The speed at which a breach
can be identified and contained is in large part due to
the use of an IR team and having a formal Incident
Response plan. IR teams can assist organizations to
navigate the complicated aspects of containing a data
breach to mitigate further losses.
According to the study, how quickly an organization can
contain data breach incidents have a direct impact on
financial consequences. The cost of a data breach was
nearly $1 million lower on average for organizations that
were able to contain a data breach in less than thirty
days compared to those that took longer than 30 days.
Speed of response will be increasingly critical as GDPR
is implemented in May 2018, which will require
organizations doing business in Europe to report data
breaches within 72 hours or risk facing fines of up to
four percent of their global annual turnover.
With such significant cost savings in mind, the study
revealed there’s room for improvement with
organizations when it comes to the time to identify and
respond to a breach. On average, organizations took
more than six months to identify a breach, and more
than 66 additional days to contain a breach once
discovered.
Additional Key Findings from 2017 Cost of a Data Breach
Report
By Industry, Healthcare Breaches Most Costly: For the
seventh year in a row, healthcare has topped the list as
the most expensive industry for data breaches.
Healthcare data breaches cost organizations $380 per
record, more than 2.5 times the global average across
industries ($141 per record.)
Top Factors Increasing Cost of a Breach: The
involvement of third-parties in a data breach was the top
contributing factor that led to an increase in the cost of
a data breach, increasing the cost $17 per record.
Organizations need to evaluate the security posture of
their third-party providers – from payroll to cloud
providers to CRM – to ensure the security of employee
and customer data.
Top Factors Reducing Cost of a Breach: Incident
response, encryption and education were the factors
shown to have the most impact on reducing the cost of
a data breach. Having an incident response team in
place resulted in $19 reduction in cost per lost or stolen
record, followed by extensive use of encryption ($16
reduction per record) and employee training ($12.50
reduction per record).
Positive Impact of Resiliency Orchestration: Business
continuity programs are significantly reducing the cost
of a data breach. The overall average data breach cost
per day is estimated at $5,064 in this year’s study.
Companies that have a manually operated Disaster
Recovery process experienced an estimated average cost
of $6,101 per day. In contrast, companies deploying an
automated Disaster Recovery process that provides
resiliency orchestration experienced a much lower
average cost per day of $4,041. This represents a net
difference of 39 percent (or a cost savings of $1,969 per
day).
Uncovering the Cost of a Data Breach
The annual Cost of Data Breach study examines both
direct and indirect costs to companies in dealing with a
single data breach incident. Through in-depth interviews
with more than 410 companies in 13 countries or
regions, the study factors in costs associated with
breach response activities, as well as reputational
damage and the cost of lost business.
“Data breaches and the implications associated continue
to be an unfortunate reality for today’s businesses,” said
Dr. Larry Ponemon. “Year-over-year we see the
tremendous cost burden that organizations face
following a data breach. Details from the report illustrate
factors that impact the cost of a data breach, and as part
of an organization’s overall security strategy, they
should consider these factors as they determine overall
security strategy and ongoing investments in technology
and services.”
Download Full Reports & Register for the Webinar
To download the 2017 Cost of a Data Breach Study:
Global Overview, visit https://www.ibm.com/security/
data-breach/
Country-specific reports are also available for: the
United States, United Kingdom, Germany, Australia,
France, Brazil, Japan, Italy, India, the Arabian region
(United Arab Emirates and Saudi Arabia), Canada, South
Africa, and, for the first time, the Southeast Asian region
(Singapore, Indonesia, the Philippines and Malaysia).
To explore and interact with findings from the 2017
report, please visit the IBM Security Data Breach
Calculator , an interactive tool that allows you to
manipulate report data and visualize the cost of a data
breach across locations and industries, and understand
how different factors affect breach costs.
To register to attend the IBM Security and Ponemon
Institute webinar “Understanding Today’s Security
Breaches: Ponemon Institute’s 2017 Cost of Data Breach
Study” that will be held on June 26, 2017 at 11:00 AM
EDT go to https://ibm.co/2ssR8qz .
About IBM Security
IBM Security offers one of the most advanced and
integrated portfolios of enterprise security products and
services. The portfolio, supported by world-renowned
IBM X-Force® research, enables organizations to
effectively manage risk and defend against emerging
threats. IBM operates one of the world’s broadest
security research, development and delivery
organizations, monitors 35 billion security events per
day in more than 130 countries, and has been granted
more than 3,000 security patents worldwide. For more
information, please check www.ibm.com/security , follow
@ibmsecurity on Twitter or visit the IBM Security
Intelligence blog .
-------------------------------
[1] Local currencies were converted to USD for the Global
study.
Contact(s) information
Kelly Kane
IBM Security Media Relations
+1-413-297-2668
kkane@us.ibm.com
IBM ) today announced the results of a global study
exploring the implications and effects of data breaches
on today’s businesses. Sponsored by IBM Security and
conducted by Ponemon Institute, the study found that
the average cost of a data breach is $3.62 million
globally [1], a 10 percent decline from 2016 results. This
is the first time since the global study was created that
there has been an overall decrease in the cost.
According to the study, these data breaches cost
companies $141 per lost or stolen record on average.
IBM Security Data Breach Calculator lets you estimate
the cost of a data breach across locations and
industries, and understand how different factors affect
breach costs. Visit: https://
databreachcalculator.mybluemix.net/
Analyzing the 11 countries and two regions surveyed in
the report, IBM Security identified a close correlation
between the response to regulatory requirements in
Europe and the overall cost of a data breach. European
countries saw 26 percent decrease in the total cost of a
data breach over last year’s study. Businesses in Europe
operate in a more centralized regulatory environment,
while businesses in the United States (U.S.) have unique
requirements, with 48 of 50 states having their own data
breach laws. Responding to a multitude of regulatory
requirements and reporting to potentially millions of
consumers can be an extremely costly and resource
intensive task.
According to the 2017 Cost of Data Breach Study: Global
Overview , “compliance failures” and “rushing to notify”
were among the top five reasons the cost of a breach
rose in the U.S. A comparison of these factors suggests
that regulatory activities in the U.S. could cost
businesses more per record when compared to Europe.
For example, compliance failures cost U.S. businesses
48 percent more than European companies, while
rushing to notify cost U.S. businesses 50 percent more
than European companies. Additionally, U.S. companies
reported paying over $690,000 on average for notification
costs related to a breach - which is more than double
the amount of any other country surveyed in the report.
“New regulatory requirements like GDPR in Europe pose
a challenge and an opportunity for businesses seeking
to better manage their response to data breaches,” said
Wendi Whitmore, Global Lead, IBM X-Force Incident
Response & Intelligence Services (IRIS). “Quickly
identifying what has happened, what the attacker has
access to, and how to contain and remove their access
is more important than ever. With that in mind, having a
comprehensive incident response plan in place is
critical, so when an organization experiences an
incident, they can respond quickly and effectively.”
The Cost of a Data Breach Not Down Everywhere
In the 2017 global study, the overall cost of a data
breach decreased to $3.62 million – down 10 percent
from $4 million last year. However, many regions
experienced an increased cost of a data breach – for
example, the cost of a data breach in the U.S. was $7.35
million, a five percent increase compared to last year.
However, the U.S. wasn’t the only country to experience
increased costs in 2017.
Non-European Countries Experienced Increased Costs:
Organizations in the Middle East, Japan, South Africa,
and India all experienced increased costs in 2017
compared to the four-year average costs.
European Countries Experienced Most Significant
Decrease in Costs: Germany, France, Italy and the U.K.
experienced significant decreases compared to the four-
year average costs. Australia, Canada and Brazil also
experienced decreased costs compared to the four-year
average cost of a data breach.
When compared to other regions, U.S. organizations
experienced the most expensive data breaches in the
2017 report.
In the Middle East, organizations saw the second
highest average cost of a data breach at $4.94 million –
more than 10 percent increase over the previous year
Canada was the third most expensive country for data
breaches, costing organizations an average of $4.31
million.
In Brazil data breaches were the least expensive overall,
costing companies only $1.52 million.
Time Is Money: Containing Data Breaches
For the third year in a row, the study found that having
an Incident Response (IR) team in place significantly
reduced the cost of a data breach, saving more than $19
per lost or stolen recorf. The speed at which a breach
can be identified and contained is in large part due to
the use of an IR team and having a formal Incident
Response plan. IR teams can assist organizations to
navigate the complicated aspects of containing a data
breach to mitigate further losses.
According to the study, how quickly an organization can
contain data breach incidents have a direct impact on
financial consequences. The cost of a data breach was
nearly $1 million lower on average for organizations that
were able to contain a data breach in less than thirty
days compared to those that took longer than 30 days.
Speed of response will be increasingly critical as GDPR
is implemented in May 2018, which will require
organizations doing business in Europe to report data
breaches within 72 hours or risk facing fines of up to
four percent of their global annual turnover.
With such significant cost savings in mind, the study
revealed there’s room for improvement with
organizations when it comes to the time to identify and
respond to a breach. On average, organizations took
more than six months to identify a breach, and more
than 66 additional days to contain a breach once
discovered.
Additional Key Findings from 2017 Cost of a Data Breach
Report
By Industry, Healthcare Breaches Most Costly: For the
seventh year in a row, healthcare has topped the list as
the most expensive industry for data breaches.
Healthcare data breaches cost organizations $380 per
record, more than 2.5 times the global average across
industries ($141 per record.)
Top Factors Increasing Cost of a Breach: The
involvement of third-parties in a data breach was the top
contributing factor that led to an increase in the cost of
a data breach, increasing the cost $17 per record.
Organizations need to evaluate the security posture of
their third-party providers – from payroll to cloud
providers to CRM – to ensure the security of employee
and customer data.
Top Factors Reducing Cost of a Breach: Incident
response, encryption and education were the factors
shown to have the most impact on reducing the cost of
a data breach. Having an incident response team in
place resulted in $19 reduction in cost per lost or stolen
record, followed by extensive use of encryption ($16
reduction per record) and employee training ($12.50
reduction per record).
Positive Impact of Resiliency Orchestration: Business
continuity programs are significantly reducing the cost
of a data breach. The overall average data breach cost
per day is estimated at $5,064 in this year’s study.
Companies that have a manually operated Disaster
Recovery process experienced an estimated average cost
of $6,101 per day. In contrast, companies deploying an
automated Disaster Recovery process that provides
resiliency orchestration experienced a much lower
average cost per day of $4,041. This represents a net
difference of 39 percent (or a cost savings of $1,969 per
day).
Uncovering the Cost of a Data Breach
The annual Cost of Data Breach study examines both
direct and indirect costs to companies in dealing with a
single data breach incident. Through in-depth interviews
with more than 410 companies in 13 countries or
regions, the study factors in costs associated with
breach response activities, as well as reputational
damage and the cost of lost business.
“Data breaches and the implications associated continue
to be an unfortunate reality for today’s businesses,” said
Dr. Larry Ponemon. “Year-over-year we see the
tremendous cost burden that organizations face
following a data breach. Details from the report illustrate
factors that impact the cost of a data breach, and as part
of an organization’s overall security strategy, they
should consider these factors as they determine overall
security strategy and ongoing investments in technology
and services.”
Download Full Reports & Register for the Webinar
To download the 2017 Cost of a Data Breach Study:
Global Overview, visit https://www.ibm.com/security/
data-breach/
Country-specific reports are also available for: the
United States, United Kingdom, Germany, Australia,
France, Brazil, Japan, Italy, India, the Arabian region
(United Arab Emirates and Saudi Arabia), Canada, South
Africa, and, for the first time, the Southeast Asian region
(Singapore, Indonesia, the Philippines and Malaysia).
To explore and interact with findings from the 2017
report, please visit the IBM Security Data Breach
Calculator , an interactive tool that allows you to
manipulate report data and visualize the cost of a data
breach across locations and industries, and understand
how different factors affect breach costs.
To register to attend the IBM Security and Ponemon
Institute webinar “Understanding Today’s Security
Breaches: Ponemon Institute’s 2017 Cost of Data Breach
Study” that will be held on June 26, 2017 at 11:00 AM
EDT go to https://ibm.co/2ssR8qz .
About IBM Security
IBM Security offers one of the most advanced and
integrated portfolios of enterprise security products and
services. The portfolio, supported by world-renowned
IBM X-Force® research, enables organizations to
effectively manage risk and defend against emerging
threats. IBM operates one of the world’s broadest
security research, development and delivery
organizations, monitors 35 billion security events per
day in more than 130 countries, and has been granted
more than 3,000 security patents worldwide. For more
information, please check www.ibm.com/security , follow
@ibmsecurity on Twitter or visit the IBM Security
Intelligence blog .
-------------------------------
[1] Local currencies were converted to USD for the Global
study.
Contact(s) information
Kelly Kane
IBM Security Media Relations
+1-413-297-2668
kkane@us.ibm.com
Comentários
Postar um comentário