skip to main content
Back to all blog posts

Posted in: Data Security/Privacy

Aug 10, 2016

Has your Company Suffered a Data Breach? Expect to Lose $6.03 Million on Average

By Aaron Baer

There are 6.03 million reasons for organizations to protect their databases from cyber-attacks. The 2016 Cost of Data Breach Study (the "Study"), produced by IBM and the Ponemon Institute, serves as a sharp reminder for organizations to continue to bolster their data security initiatives. According to the Study, the average cost of a data breach is up 12.5% over the past year, from $5.32 million to $6.03 million. Adding to the concern, there is a 26% chance of a material data breach involving at least 10,000 lost or stolen records occurring within the next 2 years.

The Study examined the costs sustained by 24 Canadian companies from 11 different sectors over a 12-month period. Organizations that suffered a catastrophic number of breached records (more than 100,000 lost or stolen records) were omitted from the Study in an effort to provide representative results. This means, for example, that the massive data breach suffered by Ashley Madison was not accounted for in this study.

Some key findings:

  • The average number of breached records among the participating companies was 21,200, at an average cost of $278 per lost or stolen record.
  • Malicious and criminal activity is the leading cause of data breaches - accounting for 54% of all breaches. Such activity takes the most time to detect and contain: an average of 239 days, a sharp contrast to the 170 days for breaches caused by human error. Unsurprisingly, the Study confirmed that the longer it takes an organization to identify and contain a breach, the more costly the breach becomes.
  • Data breaches caused by extensive migration to the cloud, third party errors, or lost or stolen devices lead to well above average costs of $300.05 per lost or stolen record. These costs include both indirect expenses - which include the amount of time, effort and other organizational resources spent on resolving the breach - and direct expenses.
  • One of the most significant financial impacts for organizations that have suffered a data breach is the loss of business suffered by breached organizations. This category includes abnormal customer turnover, increased customer acquisition activities, reputation losses, and diminished goodwill. Loss of business alone makes up more than 37% of the total cost incurred as a result of a breach. On average, a data breach costs an organization $2.24 million in lost business.

However, not all is doom and gloom. The Study identified certain factors that reduced the cost of a data breach. Organizations that had incident response teams and plans, employee training programs, board-level involvement and participation in threat sharing, and used extensive encryption decreased costs by as much as $25 per lost or stolen record, reducing the average cost per lost or stolen record to $253. While organizations have always been well aware of the qualitative reasons to prevent data breaches, the Study helps quantify the importance for organizations to invest in preemptive measures that reduce vulnerability and mitigate costs if breaches occur.

Related Categories

Related Blogs

Posted in: Privacy | Court Decision | Data Security/Privacy

Insights TheSpotlight
Texting and the Expectation of Privacy By Donald B. Johnston Dec 11, 2017 The Supreme Court of Canada published an important judgment on December 8, 2017, concerning whether or not Canadians have the right to expect that their texting conversations will remain private. Interestingly, the judgment of the court was split – which shows that even the cleverest lawyers can ...

Posted in: Privacy | Data Security/Privacy

Insights TheSpotlight
Equifax Breach - The Breach That Will Keep on Giving By Paige Backman and Meghan A. Cowan Sep 14, 2017 At this point, if you haven’t heard of the Equifax data breach, it could only be because you have rightfully been glued to the coverage of (or living through) Hurricane Irma, Harvey or Jose. On September 7, 2017, Equifax revealed that it was the subject of a cybersecurity breach over the s...

Posted in: Data Protection | Privacy | Data Security/Privacy

Insights TheSpotlight
Ontario Court of Appeal Established New Privacy Rights – Utility Consumption Data and Grow Ops By Paige Backman Aug 21, 2017 If you are a utility monitoring consumption data, think twice before providing any of that information to the police. You may need to ensure the police first provide you with a warrant or other judicial authorization specifically requesting the information. The Ontario Court of Appeal, distinguis...