Average corporate cost of data breach up to $3.5m

The average cost of a data breach is up 15% since last year, heightening client risk, says a new Ponemon Institute report.



Add another item to the already staggering amount of fodder insurance agents have when pitching cyber insurance to their commercial clients. According to a recently released study from the Ponemon Institute, the average cost of a corporate data breach is up to $3.5 million—a 15% increase since last year.

And if it helps to boil that down to per-record cost, researchers associated with the ninth annual Cost of Data Breach Study: Global Study found that each stolen record containing confidential information costs a company an average $145. That’s up 9% since last year.

The data is based on interviews conducted with IT, compliance and information security professionals from 314 organizations in 10 countries. Kris Lovejoy, General Manager of IBM’s Security Services Division, said the results reflect just how available sensitive data has become.

“Clearly cybersecurity threats are a growing concern for businesses, especially when we consider how persistent data has become in the age of cloud and mobility,” Lovejoy said. “A data breach can result in enormous damage to a business that goes way beyond the financials. At stake is customer loyalty and brand reputation.”

According to the research, malicious code and sustained probes are the greatest threat to company data security. Those interviewed estimated that they will be dealing with an average 17 malicious codes each month along with an average 12 sustained probes.
Interested in expanding your cyber book of business? Download IBA's free client fact sheet here.

The most costly data breaches occurred in the US and Germany, where companies paid an average $201 and $195 per compromised record, respectively. Companies in Brazil and India, by contrast, paid the least to recover from the costs of stolen records—just $60 and $77 each, respectively.

Unfortunately, just 38% of companies reported having a security strategy to protect its IT infrastructure. Even those who are taking action report having “low or no confidence” they are making the right investments in technologies, procedures and insurance used to mitigate threats.

With companies saying they have set aside $7 million over the next 12 months to enhance their organizations cyber security strategy, producers must position themselves as experts to access a piece of that pie. Insurance, after all, is a vital part of a company’s defensive strategy.

“Insurance is usually Plan X when it comes to data security. It’s no substitute for having appropriate IT protocols in place and enforcing them,” said Greg Polodak, a partner with the law firm Saxe, Doernberger and Vita. “However, just like with any exposure, you need insurance there as a backstop. These costs can climb really quickly.”

You may also enjoy: "FTC can sue companies over data breaches, court says"
"4 misconceptions that could sink your cyber sales"
"The 6 hottest cyber markets in 2014"

Keep up with the latest news and events

Join our mailing list, it’s free!