News Feature | July 13, 2016

Stolen Records Cost Providers $355 Each

Katie Wike

By Katie Wike, contributing writer

money-healthcare

The cost of data breaches is certainly high, but a recent report from the Ponemon Institute says the real cost is an average of $355 for each stolen record. 

By Katie Wike, contributing writer 

In 2015, Health IT Outcomes reported healthcare data breaches were costing the industry over $6 billion annually, and the Ponemon Institute noted cyber criminals had increased their attacks by 125 percent. Now, the Ponemon Institute’s latest report shows the situation has not improved in 2016. 

“Over the many years studying the data breach experience of more than 2,000 organizations in every industry, we see that data breaches are now a consistent 'cost of doing business' in the cybercrime era,” said Dr. Larry Ponemon in an announcement. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.” 

The Cost of A Data Breach Study claims the average consolidated total cost of a data breach grew from $3.8 million to $4 million. In addition, researchers calculated the cost per individual record is $355. Health IT Security notes that following the healthcare industry, education ($246) and finance ($221) had the next highest costs per stolen record. 

Detection time was a major factor influencing the total cost of a breach. The longer it takes for a provider to detect and contain a breach, the more costly it becomes. For example, breaches identified in less than 100 days cost companies an average of $3.23 million, yet breaches that were found after that time cost on average $4.38 million. 

The report also notes the causes of these breaches, specifically for 2016:

  • 48 percent of all incidents involved a malicious or criminal attack
  • 25 percent were caused by negligent employees or contractors (human factor)
  • 27 percent involved system glitches, including both IT and business process failures 

“The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don't have a plan in place to deal with this process efficiently,” said Ted Julian, Vice President, Resilient an IBM Company. “While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event.”