Data Breach and Loss Statistics

*According to data gathered from breached organizations.

How the data was lost matters

• Data breach incidents involving the loss or theft of data-bearing devices increased per record cost by as much as $18 per record.
• Data loss resulting from a malicious or criminal attack yielded the highest cost at an average of $246 per compromised record, followed by system glitches and employee mistakes resulting in a average per record cost of $171 and $160, respectively.
• The same data shows malicious or criminal attacks as the most frequently encountered root cause of data breaches by organizations.
• Forty-four percent of respondents stated the main cause of data breach was a malicious or criminal attack against the organization.
• Thirty-one percent of organizations say employee negligence (a.k.a. human factor) and 25 percent say system glitches were the main causes of the data loss.

Your customers matter - In 2014, the cost of lost business from a data breach increased from $3.03 million to $3.2 million.

These costs include:

• Abnormal turnover of customers (a higher than average loss of customers for the industry or organization);
• increased customer acquisition activities;
• reputation losses and diminished goodwill.

Research reveals that abnormal churn or turnover of customers after data breaches may be a main driver in data breach cost. In fact, the average abnormal consumer churn rate between 2013 and 2014 increased 15 percent.

Your internal breach response team matters

• 2014 research reveals that having business continuity management involved in the remediation of the breach can reduce the cost by an average of $13 per compromised record.
• Organizations with a strong security posture or a formal incident response plan in place prior to the incident can reduce the average cost of a breach as much as $21 and $17 per record,respectively.
• Research shows that appointing a CISO to lead a data breach incident response team can reduce per record cost by $10.
• Organizations that notified customers too quickly without a thorough assessment or forensic examination, incurred an average cost increase of $15 more per record.

Your partners matter

• Research shows that data breaches caused by your vendors or other third parties can increase per record cost by $25.

What else did Kroll see³?

• 31% of Kroll’s data breach response cases in 2014 were not malicious, but due to simple yet costly mistakes.
• The majority of these accidental breaches were made by internal employees who exposed data in both electronic (66%) and paper form (29%).
• 23% of Koll’s data breach response cases in 2014 involved unauthorized access to data.
• While “unauthorized access” is often associated with a Healthcare HIPPA privacy and security violation, in 2014, Kroll data revealed that our “general business” clients experienced their highest number of unauthorized access cases (27%) to date.
• In 2014 18% of Kroll’s data breach response cases were due to hacking - 30% in Healthcare, 20% in Education, and 18% in Retail.
• While almost half of our data breach response cases (48%) in 2014 involved electronic data, almost one quarter (24%) involved paper or non-electronic data.
  
   

Sources:
¹ National Conference of State Legislatures
² Ponemon Institute, 2018 Annual Study: U.S. Cost of a Data Breach.
³ Kroll internal data