2017 data breaches: good and bad

At the beginning of every year the Ponemon Institute releases a study on data breaches for the previous year. IBM Security has sponsored the study the last few years and this year is no different. 419 companies across 13 countries were interviewed that includes the US, the UK, Germany, Australia, France, Brazil, Japan, Italy, India, Canada, South Africa, the Middle East (includes UAE and Saudi Arabia), and the ASEAN region (Singapore, Indonesia, the Philippines, Malaysia). The overall results are disappointing and equally hopeful, so it’s safe to say that the 2017 data breaches show the good and bad of what companies are doing with their security programs.Study summary:

  • $3.62 million is the average total cost of a data breach
  • 10% one-year decrease in the average total cost
  • $141 is the average cost per lost or stolen record
  • 11.4% one-year decrease in the per capita cost
  • 27.7% is the likelihood of a recurring material data breach over the next two years
  • 2.1% increase in the likelihood of a recurring material data breach

A positive finding of the data breach study is that organizations reduced the amount of time they took to respond to and contain an intrusion. In 2016, the number of days to identify a breach was 201 days while 2017 saw a drop in the number of days to identify a breach to 191 which correlates to the reduced cost of a breach. The average numbers of days that it took to contain an attacker went from 70 in 2016 to 66 days in 2017 which also contributes to the decrease in the average total cost of a breach.

One of the valuable insights from the study shows that a malicious insider is a costlier breach than a system error or negligence. 47% of the companies interviewed identified the cause of their breach as a criminal attack with an average cost of $156 per record while system errors and negligence cost an average of $127 per record. What’s interesting is that the average of the total number of records stolen globally went up 1.8% from 2016.

You can read the full report here.