SOARing Costs? Considering Data Breach Economics

Consisting of analysis from 524 organizations that experienced data breaches between August 2019 and April of 2020, the Cost of Data Breach Report 2020 from the Ponemon Institute shares key information, findings, and data points harvested from more than 3,200 interviews on areas ranging from global data breach costs to data breach lifecycles in influential countries and industry sectors.

en flag
nl flag
et flag
fi flag
fr flag
de flag
pt flag
ru flag
es flag

Content Assessment: SOARing Costs? Considering Data Economics

Information - 95%
Insight - 95%
Relevance - 95%
Objectivity - 95%
Authority - 100%

96%

Excellent

A short percentage-based assessment of the qualitative benefit of the post highlighting the July 2020 published report of data breach costs by the Ponemon Institute.

Editor’s Note: Based on the increased pulse rate of reported data breaches in today’s connected world, more organizations than ever before are evaluating and investing in security orchestration, automation, and response (SOAR) solutions to help minimize costs and mitigate risks associated with breach detection and response times. As data and legal professionals operating in the eDiscovery ecosystem seek to understand the market impact and opportunities driven by the cost of data breaches, they may benefit from the salient cybersecurity-centric research shared in the Cost of Data Breach Report 2020 as prepared by the Ponemon Institute and published in July of 2020 by IBM Security. 

Cost of a Data Breach Report 2020 (Ponemon Institute)

Selected Data Points from the Report

Consisting of analysis from 524 organizations that experienced data breaches between August 2019 and April of 2020, the Cost of Data Breach Report 2020 from the Ponemon Institute shares key information, findings, and data points harvested from more than 3,200 interviews on areas ranging from global data breach costs to data breach lifecycles in influential countries and industry sectors. Eight data point areas from the 2020 report that may benefit those considering and constructing cost and opportunity models for data breach-related data and legal discovery offerings are highlighted below for consideration.

  • The average cost of a global data breach was $3.86 million. However, the total cost of a data breach in the United States was $8.64 million.
  • Data breach average total costs generally can be divided into four categories. Those categories being lost business costs, detection and escalation costs, notification costs, and ex-post responses.
  • Lost business continued to be the largest contributing cost factor of a global data breach, accounting for nearly 40% of the average total cost of a data breach—this amount equated to approximately $1.52 million per data breach. However, lost business from a data breach in the United States, using the 40% business loss benchmark, equated to approximately $3.45 million per data breach.
  • The average cost of a global data breach across seventeen industry sectors ranged from $7.13 million for the healthcare industry, the highest of all sectors, to $1.08 million for public sector organizations. Healthcare, energy ($6.39 million), financial ($5.85 million), pharma ($5.06 million), and technology ($5.04 million) sectors were the five sectors with the highest cost per data breach.
  • Customer’s personally identifiable information (PII) was the most frequently compromised type of record, and the costliest in the data breaches studied. The average cost per compromised record containing PII was $150. Additional costs per record of compromised data include other corporate data ($149), intellectual property ($147), anonymized customer data ($143), and employee PII ($141).
  • The average time to identify and contain a data breach globally was 207 days to identify a breach and 73 days to contain a breach, for a total time of 280 days. In the United States, the average time to identify and contain a data breach was 186 days to identify a breach and 51 days to contain a breach, for a total time of 237 days.
  • Incident response (IR) preparedness was the highest cost saver for businesses. The average cost of a data breach for companies with an IR team and a tested IR plan was $3.29 million. This average cost was $2.0 million lower than experienced by companies with neither an IR team nor a tested IR plan.
  • Types of costs recovered using cybersecurity insurance include but are not limited to consulting and legal services, restitution to victims, regulatory fines, recovery technology, and ransomware and extortion. In these cost recovery areas, 51% of organizations with cyber insurance used claims to cover third-party consulting and legal services costs.

For more information from one of the leading benchmark tools in the cybersecurity industry, the Cost of Data Breach Report 2020, you can access, consider, and download the complete report from IBM Security at https://www.ibm.com/security/digital-assets/cost-data-breach-report/#/.

Additional Reading

Source: ComplexDiscovery

 

Have a Request?

If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.

ComplexDiscovery is an online publication that highlights cyber, data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding cyber, data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of cyber, data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

Joint Cybersecurity Advisory from the CISA, FBI, and NSA on BlackMatter Ransomware

This Joint Cybersecurity Advisory from the CISA, FBI, and NSA provides...

Keeping Secrets? Ransomware Trends in Bank Secrecy Act Data Between January 2021 and June 2021

According to a recently published report, the U.S. Treasury's Financial Crimes...

A Geographical Depiction: Ransomware Attacks in the United States Between 2018 and Today

Published by Comparitech, a pro-consumer website providing information, tools, reviews, and...

Recommendations for Mitigating the Risk of Software Vulnerabilities: NIST Secure Software Development Framework

This draft document from NIST on a proposed secure software development...

Consilio Completes Acquisition of Legal Consulting and eDiscovery Business Units of Special Counsel from Adecco

According to Andy Macdonald, CEO of Consilio, “Consilio’s acquisition of D4...

Cellebrite to Acquire Digital Clues

According to Cellebrite CEO Yossi Carmil, “We are pleased to announce...

iCONECT Acquires Ayfie Inspector Artificial Intelligence Codebase

According to Ian Campbell, CEO of iCONECT, “Direct access to the...

eDiscovery Mergers, Acquisitions, and Investments in Q3 2021

From Ipro and Disco to Nuix and Lighthouse, the following findings,...

A New Era in eDiscovery? Framing Market Growth Through the Lens of Six Eras

There are many excellent resources for considering chronological and historiographical approaches...

An eDiscovery Market Size Mashup: 2020-2025 Worldwide Software and Services Overview

While the Compound Annual Growth Rate (CAGR) for worldwide eDiscovery software...

Resetting the Baseline? eDiscovery Market Size Adjustments for 2020

An unanticipated pandemeconomic-driven retraction in eDiscovery spending during 2020 has resulted...

Home or Away? New eDiscovery Collection Market Sizing and Pricing Considerations

One of the key home (onsite) or away (remote) decisions that...

Five Great Reads on Cyber, Data, and Legal Discovery for September 2021

From countering ransomware to predictive coding and packaged services, the September...

Five Great Reads on Cyber, Data, and Legal Discovery for August 2021

From the interplay of digital forensics in eDiscovery to collecting online...

Five Great Reads on Cyber, Data, and Legal Discovery for July 2021

From considerations for cyber insurance and malware to eDiscovery business confidence...

Five Great Reads on eDiscovery for June 2021

From remediating cyberattacks to eDiscovery pricing, the June 2021 edition of...

Harvest Time? eDiscovery Operational Metrics in the Fall of 2021

In the fall of 2021, 67 eDiscovery Business Confidence Survey participants...

Unseasonably Hot? Fall 2021 eDiscovery Business Confidence Survey Results

Since January 2016, 2,595 individual responses to twenty-four quarterly eDiscovery Business...

More Keepers? Predictive Coding Technologies and Protocols Survey – Fall 2021 Results

From the most prevalent predictive coding platforms to the least commonly...

Glowing Expectations? Eighteen Observations on eDiscovery Business Confidence in the Summer of 2021

In the summer of 2021, 63.3% of survey respondents felt that...