3 Reasons IT Security Breach Costs Keep Rising

By Ericka Chickowski 1

Last week the Ponemon Institute rolled out the results of yet another Global Cost of Data Breach report and, surprising very few people in the security world, the stats show costs rising again. Sponsored by IBM, the report benchmarked 350 companies across 11 countries. It found that the consolidated total cost of a breach has now risen to $3.8 million, about 23 percent higher than the figure back in 2013. They’re compelling statistics for anyone in the managed services world trying to offer customers justification for improved security coverage.

According to the report, there are three big factors that are contributing to the rising costs of breaches.

Attack volume is rising and attacks are messier to clean up

“Cyber attacks are increasing both in frequency and the cost it requires to resolve these security incidents,” explained Larry Ponemon, chairman and founder of Ponemon Institute.

In breaking down the root causes of benchmarked incidents, data breaches due to malicious or criminal attacks rose by five percentage points to 47 percent. Meanwhile, the cost of breaches cause by these attacks rose from $159 per record to $170.

Reputation damage is taking its toll

It may be one of the hardest figures to estimate, but Ponemon’s team believes lost business has one of the most severe potential financial consequences of all of those stemming from a breach.

“The financial consequences of losing customers in the aftermath of a breach are having a greater impact on the cost,” he says.

Based on an examination of things like abnormal turnover of customers, reputation losses, diminished goodwill and increased customer acquisition activities, Ponemon comes up with estimates on lost business costs. It estimates that it rose to $1.57 million on average from the previous estimate of $1.33 million.

According to the report this is likely a function of consumers’ growing awareness of identity theft and willingness to vote with their wallets when trusted brands fail to protect their personal information.

Incident response and forensics costs rose

Response and detection costs have increased for the past three years running, the report showed.

“More companies are incurring higher costs in their forensic and investigative activities, assessments and crisis team management,” Ponemon explains.

According to the report, in the past year, the average cost of detection and escalation costs rose by more than 25 percent. In many cases companies are investing in integrating forensic solutions into incident response procedures, which will help them with long-term analysis of root causes of their breaches. This is good and bad as the increase in tooling could expose bigger breaches, resulting in higher costs in years to come.