Content Assessment: SOARing Costs? Considering Data Economics
Information - 95%
Insight - 95%
Relevance - 95%
Objectivity - 95%
Authority - 100%
A short percentage-based assessment of the qualitative benefit of the post highlighting the July 2020 published report of data breach costs by the Ponemon Institute.
Editor’s Note: Based on the increased pulse rate of reported data breaches in today’s connected world, more organizations than ever before are evaluating and investing in security orchestration, automation, and response (SOAR) solutions to help minimize costs and mitigate risks associated with breach detection and response times. As data and legal professionals operating in the eDiscovery ecosystem seek to understand the market impact and opportunities driven by the cost of data breaches, they may benefit from the salient cybersecurity-centric research shared in the Cost of Data Breach Report 2020 as prepared by the Ponemon Institute and published in July of 2020 by IBM Security.
Cost of a Data Breach Report 2020 (Ponemon Institute)
Selected Data Points from the Report
Consisting of analysis from 524 organizations that experienced data breaches between August 2019 and April of 2020, the Cost of Data Breach Report 2020 from the Ponemon Institute shares key information, findings, and data points harvested from more than 3,200 interviews on areas ranging from global data breach costs to data breach lifecycles in influential countries and industry sectors. Eight data point areas from the 2020 report that may benefit those considering and constructing cost and opportunity models for data breach-related data and legal discovery offerings are highlighted below for consideration.
- The average cost of a global data breach was $3.86 million. However, the total cost of a data breach in the United States was $8.64 million.
- Data breach average total costs generally can be divided into four categories. Those categories being lost business costs, detection and escalation costs, notification costs, and ex-post responses.
- Lost business continued to be the largest contributing cost factor of a global data breach, accounting for nearly 40% of the average total cost of a data breach—this amount equated to approximately $1.52 million per data breach. However, lost business from a data breach in the United States, using the 40% business loss benchmark, equated to approximately $3.45 million per data breach.
- The average cost of a global data breach across seventeen industry sectors ranged from $7.13 million for the healthcare industry, the highest of all sectors, to $1.08 million for public sector organizations. Healthcare, energy ($6.39 million), financial ($5.85 million), pharma ($5.06 million), and technology ($5.04 million) sectors were the five sectors with the highest cost per data breach.
- Customer’s personally identifiable information (PII) was the most frequently compromised type of record, and the costliest in the data breaches studied. The average cost per compromised record containing PII was $150. Additional costs per record of compromised data include other corporate data ($149), intellectual property ($147), anonymized customer data ($143), and employee PII ($141).
- The average time to identify and contain a data breach globally was 207 days to identify a breach and 73 days to contain a breach, for a total time of 280 days. In the United States, the average time to identify and contain a data breach was 186 days to identify a breach and 51 days to contain a breach, for a total time of 237 days.
- Incident response (IR) preparedness was the highest cost saver for businesses. The average cost of a data breach for companies with an IR team and a tested IR plan was $3.29 million. This average cost was $2.0 million lower than experienced by companies with neither an IR team nor a tested IR plan.
- Types of costs recovered using cybersecurity insurance include but are not limited to consulting and legal services, restitution to victims, regulatory fines, recovery technology, and ransomware and extortion. In these cost recovery areas, 51% of organizations with cyber insurance used claims to cover third-party consulting and legal services costs.
For more information from one of the leading benchmark tools in the cybersecurity industry, the Cost of Data Breach Report 2020, you can access, consider, and download the complete report from IBM Security at https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/.
- An EDPB Update: Guidelines on Examples Regarding Data Breach Notification
- A New Model for Cybersecurity? NIST Details Framework for Zero Trust Architecture