The 2019 Cost of a Data Breach Report from Ponemon Institute is now available.

Today, I am pleased to announce the release of the 2016 Cost of Data Breach report in partnership with IBM Security. Every year, we report on the findings from our survey of organizations worldwide — this year in 383 companies across 16 industries and in 12 different countries.

In the global report published today, you will learn how our study quantifies the economic impacts of data breaches and observes cost trends over time. Our goal in this annual research is to help people understand the costs associated with data breach incidents.

Seven Data Breach Lessons

Over the many years of studying the data breach experiences of more than 2,000 organizations, the research has revealed the following seven megatrends:

  1. Data breaches are now a consistent cost of doing business in the cybercrime era. The evidence showed that this is a permanent risk organizations need to be prepared to deal with. It needs to be incorporated into data protection strategies.
  2. The biggest financial consequence to organizations that experienced a data breach is lost business. Following a breach, enterprises need to take steps to retain customers’ trust to reduce the long-term financial impact.
  3. Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record.
  4. Organizations recognize that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. Over the years, detection and escalation costs in our research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a threat.
  5. Highly regulated industries such as health care and financial services have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
  6. Improvements in data governance initiatives will reduce the cost of data breach. Incident response plans, the appointment of a CISO, employee training and awareness programs and a business continuity management strategy result in cost savings.
  7. Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year’s study revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.

Download the latest Cost of a Data Breach Report from Ponemon Institute

More from Security Services

X-Force Threat Intelligence Index 2024 reveals stolen credentials as top risk, with AI attacks on the horizon

4 min read - Every year, IBM X-Force analysts assess the data collected across all our security disciplines to create the IBM X-Force Threat Intelligence Index, our annual report that plots changes in the cyber threat landscape to reveal trends and help clients proactively put security measures in place. Among the many noteworthy findings in the 2024 edition of the X-Force report, three major trends stand out that we’re advising security professionals and CISOs to observe: A sharp increase in abuse of valid accounts…

Ermac malware: The other side of the code

6 min read - When the Cerberus code was leaked in late 2020, IBM Trusteer researchers projected that a new Cerberus mutation was just a matter of time. Multiple actors used the leaked Cerberus code but without significant changes to the malware. However, the MalwareHunterTeam discovered a new variant of Cerberus — known as Ermac (also known as Hook) — in late September of 2022.To better understand the new version of Cerberus, we can attempt to shed light on the behind-the-scenes operations of the…

ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware

12 min read - As of December 2023, IBM X-Force has uncovered multiple lure documents that predominately feature the ongoing Israel-Hamas war to facilitate the delivery of the ITG05 exclusive Headlace backdoor. The newly discovered campaign is directed against targets based in at least 13 nations worldwide and leverages authentic documents created by academic, finance and diplomatic centers. ITG05’s infrastructure ensures only targets from a single specific country can receive the malware, indicating the highly targeted nature of the campaign. X-Force tracks ITG05 as…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today