The average consolidated total cost of a data breach has risen 23% since 2013 to $3.8 million, according to Cost of Data Breach, a study of 350 companies from 11 countries released by Ponemon Institute.
The average cost for each lost or stolen record containing sensitive and confidential information increased from $145 in 2014 to $154 in this yearâ€™s study. Some 47% of all breaches were caused by malicious or criminal attacks. Previously, these attacks represented 42% of the root causes of a data breach.
Cyber-attacks have increased both in frequency and in the cost to remediate the consequences, according to the study. The cost of malicious or criminal breaches rose from $159 last year to $170 per record.
Â Lost business due to data breaches, the most severe financial consequence, is also costing companies more. The cost rose from a total average of $1.33 million last year to $1.57 million in 2015, including the abnormal turnover of customers, increased customer acquisition activities, reputation loss and diminished goodwill. Growing awareness of identity theft and consumersâ€™ concerns about the security of their personal data following a breach has contributed to the rise, the document shows.
Data breach costs associated with detection and escalation, including investigations, assessment and audit services, crisis team management and communications to executive management and directors, also increased. This total average cost rose from $760,000 last year to $990,000 this year.
â€œIn the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyberattacks,â€ the study authors said. â€œHowever, there is a growing concern about the potential damage to reputation, class action lawsuits and costly downtime that is motivating executives to pay greater attention to the security practices of their organizations.â€
In a recent Ponemon Institute study, 79 percent of C-level US and UK executives surveyed said executive involvement is necessary for effective incident response to a data breach and 70 percent said board oversight is critical.
Data breaches cost most in the US and Germany, with an average total organizational cost of $6.5 million in the US and $4.9 million in Germany. The US and Germany also spend the most to resolve a malicious or criminal attack – $230 and $224 per record, respectively. Canada and Germany are least likely to suffer a data breach.
Some 82% of UK companies suffered an information security breach last year, and the damage inflicted by the worst breaches has more than doubled, as hotforsecurity.com has reported.