Data Breaches Are Costing Us More Every Year

Once more unto the (data) breach, dear friends

Photo Illustration: R. A. Di Ieso
Jun 16, 2016 at 1:37 PM ET

It feels like there’s another massive data breach announced every day. In the past month alone, we’ve learned of major hacks targeting Tumblr, LinkedIn, and now the Democratic National Committee. It’s such a common phenomenon that it can seem boring—except that it’s costing our economy billions.

A new report from IBM and the Ponemon Institute reveals that a decent-sized data breach costs a U.S.-based company an average of $7.01 million, more than anywhere else in the world. Over the course of the past 10 years, that number has nearly doubled. The cost per lost or stolen record is at an all-time high ($221 per record in the U.S.), driving up companies’ overall costs. In 2016, the average breach contained nearly 30,000 individual records.

“Over the many years studying the data breach experience of more than 2,000 organizations in every industry, we see that data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” Dr. Larry Ponemon of the Ponemon Institute said in a press release. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”

A major reason why these events are so costly, the report says, is the slow response time. In another Ponemon study, it was discovered that as many as 60 percent of companies do not have a cybersecurity incident response plan, despite the fact that data breaches are more a matter of “when” than “if” today. Additionally, 50 percent of businesses are not training staff and new hires on data protection and/or privacy awareness. Not that it’s just noobs causing problems for their employers—another recent study found that senior managers are typically the worst protectors of secure information.

Fortunately, the report also indicates that companies are spending more on detecting, investigating, and managing crisis teams, reflecting a growing awareness of this need. Since 2006, the amount spent on detection and escalation has more than tripled. However, fewer companies are learning from data breaches when they happen in order to prevent them from happening again.

When it comes to the cost of data breaches, what industry you’re in matters. The cost per stolen healthcare record, for instance, is $402, nearly twice the national average. The cost is linked to how tightly the industry is regulated, and also how likely it is that a breach will result in lost customers. Healthcare breaches are not only the most costly type of security breach: Americans also consider healthcare and medication data more sensitive than pretty much everything besides their Social Security number, Pew Research has found.