The 2018 Ponemon Institute Study
The Ponemon Institute LLC is involved in independent research and education dealing with data protection and information and privacy management practices. The 2018 Cost of a Data Breach Study is based on research sponsored by IBM Security and presents a global overview of data breach costs based on interviews with over 2000 IT, data protection and compliance professionals. 17 industries were included in this year’s study representing financial, services, industrial and manufacturing companies.
While much of this study is focused on Canadian statistics, the cost estimates for data breaches and the identification of factors that lead to an increase or decrease in costs for a data breach can be generally applied to companies in the United States and other countries.
Globally, this study estimates the average cost of a data breach at US $3.86 million which is an increase of over 6% from the 2017 study.
On leading factors that increase costs in a data breach, the study identified the following:
- Involvement of third parties;
- Extensive cloud migration;
- Compliance failures;
- Extensive use of mobile platforms;
- Lost or stolen devices and too quick to notify
On leading factors that decrease costs in a data breach, the study identified the following:
- Company had an incident response team;
- Company extensively used encryption;
- Involvement of business continuity management;
- Training of employees;
- Participating in sharing of threat information and involvement of Board of Directors and organizations that appointed a chief information systems officer;
This study finds that data breaches continue to be costlier and result in more consumer records being lost or stolen each year. This study also estimates that the likelihood of a reoccurring material breach over the next two years is 27.9%.
The Ponemon Institute study should prove very useful to SGR clients in guiding them to better decisions on resource allocation and to mitigate financial consequences from data breaches.