Despite rising global awareness of data breaches in various industries, organizations experienced an increase in the number of days to identify a data breach over the last fiscal year. According to a new study conducted by the Ponemon Institute and published by IBM, it takes an average of 197 days for a company to identify a breach – up six days from 2017 – and an average of 69 days to contain it (which also showed a three-day increase from 2017).
“We attribute the increase in days to the growth in the use of IoT devices, extensive use of mobile platforms, increased migration to the cloud and compliance failures,” study authors said in 2018 Cost of Data Breach Study: Impact of Business Continuity Management.
This year’s study included 2,634 employees from 477 companies in 17 industries in 13 countries and two regions. The study found that the average total cost of a data breach in 2018 is $3.86 million; $1.45 million is attributable to the most-costly component, which is lost business cost. The least expensive component is data breach notification at $0.16 million.
Ponemon also included a framework for measuring the cost of mega breaches, which are breaches involving at least 1 million compromised records. There is also a special analysis of the cost to recover from a data breach.
Some notable findings include:
- The average cost per compromised record at the surveyed organizations was $148 in fiscal year 2018, up from $141 in 2017 but down from $158 in 2016.
- The larger the data breach, the less likely the organization will have another breach in the next 24 months.
- Healthcare organizations took an average of 55 days to detect a breach, but 1,037 days to contain it.
To download IBM’s survey, click here.
Justin Smulison wrote this post.