
The Average Cost of a Data Breach Is Now $4 Million (helpnetsecurity.com) 51

Reader Orome1 writes: The average data breach cost has grown to $4 million, representing a 29 percent increase since 2013, according to a report by Ponemon Institute. Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, companies lose $158 per compromised record. Breaches in highly regulated industries like healthcare were even more costly, reaching $355 per record -- a full $100 more than in 2013.
This discussion has been archived. No new comments can be posted.

  • by dmomo ( 256005 ) on Thursday June 16, 2016 @02:45PM (#52330831)

    Because of this:

    "Work with IT or outside security experts to quickly identify the source of the breach and stop any more data leakage"

    I imagine this includes doing a security audit, and fixing any holes, which should be done regardless of a breach. Perhaps the breach even made it easier to find certain holes.

  • The "cost" of a breach is certainly high, but a lot of the time, these numbers are inflated. For example, do you calculate in the time of your own IT staff that you would be paying anyway? Yesterday, because of an auto accident that slowed down my commute home, I lost almost $14,000. You see, I value my personal time at $7,000 an hour.

    • I value my personal time at $7,000 an hour.

      Oh well, small claims court can't help you collect then.

    • Yesterday, because of an auto accident that slowed down my commute home, I lost almost $14,000.

      My time is too valuable to waste driving on the freeway. I pay an extra $70 per month to take the express bus. Not only does it save me several hours of my time each day to have someone else drive, I get to read The Wall Street Journal in the morning and an ebook in the afternoon.

    • by DarkOx ( 621550 )

      do you calculate in the time of your own IT staff that you would be paying anyway

      and the answer should be 'yes'.

      Presumably your IT staff would be doing something else to facilitate the operation of the business that justifies the ongoing expense of having them on board, otherwise you would not be paying them anyway. So if they are taken away from those activities to respond to the breach either you are incurring losses at least equal to the cost of those employees elsewhere where they can no longer add value; or you have to incur probably greater costs hiring contractors to replace

    • You're paying the IT staff to clean up after a data breach, rather than doing something productive that they normally do. For that reason, including the labour costs of your own IT dept is the correct thing to do in calculating the costs of a breach.

      Think about it this way: You run a company that makes windows. You pay a couple of dozen guys to cut glass, cut frames, assemble the parts, etc. One morning, you come into your office and realize that overnight some hooligans have smashed all the windows in

      • You're paying the IT staff to clean up after a data breach, rather than doing something productive that they normally do.

        Like maintaining the company WoW server or surfing Slashdot?

  • by campuscodi ( 4234297 ) on Thursday June 16, 2016 @03:04PM (#52330963)
    Should be higher. That way companies would fix their s***!
    • IT security budget is the first in line when execs start doing budget cuts. Pre-emptive security measures just don't seem to be on their agenda these days (and they never really were). It's hard to justify to investors why the company is spending money on 'non-productive' work. I've found countless serious security issues in IT systems over the years and the only place where they really cared about them was when I worked in government IT, believe it or not.

  • > representing a 29 percent increase since 2013, according to a report by Pokemon Institute.

    In the past they would have sent out Pikachu and a Squirtle to destroy the hackers. These days they sit around in an institute writing studies. Sad.

    • > representing a 29 percent increase since 2013, according to a report by Pokemon Institute (...) to destroy the hackers

      Catch. Gotta catch them all. Not destroy them!

      • > representing a 29 percent increase since 2013, according to a report by Pokemon Institute (...) to destroy the hackers

        Catch. Gotta catch them all. Not destroy them!

        Times change.

  • The more data you warehouse, and the more valuable that data is, the more interested in breaching your security the hackers of the world are.

    But of course, these businesses will never consider this risk as an itemized business cost, and will just greedily sequester more and more data, while continuing to pay lip service to network security.

    And then, when the hackers clean them out, they pout about needing more onerous antihacking laws.

    Better idea: Don't mass warehouse data, or, if you decide to do so, keep t

    • by DarkOx ( 621550 )

      The more data you warehouse, and the more valuable that data is, the more interested in breaching your security the hackers of the world are.

      Yes to some degree. I do think data obeys the laws of entropy in that it flows from high concentration to lower concentration; the more data you have, the greater the effort required to store and control access to it.

      Better idea: Don't mass warehouse data, or, if you decide to do so, keep that data isolated from your internet facing network, and pay for proper security featuring penetration testing and security auditing.

      The latter part but not the first part. The data is only useful if the right people can access it. Availability is part of the security triad. If your analysts have to take a bus to a special building on your campus and provide a blood sample to look at the database: they won't. You won't g

  • Make each nation an isolated internet, and if a foreign country wants to make their content available to another country they can pay for the service in that other country to host content. That will stop those hacks from foreign countries dead in their tracks, and cyber-security can focus on domestic cyber crime.
  • Modern computer security is the equivalent of implementing bank security by distributing all the money from the vault into the cash registers of every store in a mall, and then hiring an army of mall cops to patrol all the cash registers.

    IT professionals are the "mall cops" in this scenario, and unsurprisingly they keep telling us that we need to hire more mall cops and buy them all really nice Segways.
