For the first time in seven years, both the organizational cost of a data breach and the cost per lost or stolen record have declined. The organizational cost has declined from $7.2 million to $5.5 million and the cost per record has declined from $214 to $194. These figures come from the latest Ponemon study for Symantec, which was released today. The study also found that organizations that employ a chief information security officer with enterprise-wide responsibility for data protection can reduce the cost of a data breach by 35 percent per compromised record. That is a decent ROI and good news all around.
The study examined 49 data breach cases with a range of nearly 4,500 to 98,000 affected records, from 14 different industries ranging from finance to retail and transportation. Larry Ponemon has been studying this issue for many years and does extensive interviews with the IT managers at the companies that have had breaches. This year he has extended his range to cover India and Italy along with several other countries. This is the first time he has seen a decline in the cost for the exploits, which he claims is because organizations have gotten better prepared and are using a variety of protective technologies, such as data loss prevention monitoring equipment. Faster customer notification systems also helped: 41% notified their customer victims within a month of what happened.
More than a third of the breaches Ponemon studied were the result of lost or stolen devices, including laptops or USB thumb drives that contained confidential or sensitive information.
As we wrote about last year, insider threats are still huge, and insider negligence is still the root cause, and the biggest cost, of many breaches.
Symantec has a nifty data breach calculator, based on more than seven years of trend data, that can be used to gather intelligence for improved security investments.