Light Dark
June 15, 2016 By Larry Ponemon 2 min read
Security Services
Data Protection
Incident Response
X-Force

The 2019 Cost of a Data Breach Report from Ponemon Institute is now available.

Today, I am pleased to announce the release of the 2016 Cost of Data Breach report in partnership with IBM Security. Every year, we report on the findings from our survey of organizations worldwide — this year in 383 companies across 16 industries and in 12 different countries.

In the global report published today, you will learn how our study quantifies the economic impacts of data breaches and observes cost trends over time. Our goal in this annual research is to help people understand the costs associated with data breach incidents.

Seven Data Breach Lessons

Over the many years of studying the data breach experiences of more than 2,000 organizations, the research has revealed the following seven megatrends:

  1. Data breaches are now a consistent cost of doing business in the cybercrime era. The evidence showed that this is a permanent risk organizations need to be prepared to deal with. It needs to be incorporated into data protection strategies.
  2. The biggest financial consequence to organizations that experienced a data breach is lost business. Following a breach, enterprises need to take steps to retain customers’ trust to reduce the long-term financial impact.
  3. Most data breaches continue to be caused by criminal and malicious attacks. These breaches also take the most time to detect and contain. As a result, they have the highest cost per record.
  4. Organizations recognize that the longer it takes to detect and contain a data breach, the more costly it becomes to resolve. Over the years, detection and escalation costs in our research have increased. This suggests investments are being made in technologies and in-house expertise to reduce the time to detect and contain a threat.
  5. Highly regulated industries such as health care and financial services have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
  6. Improvements in data governance initiatives will reduce the cost of data breach. Incident response plans, the appointment of a CISO, employee training and awareness programs and a business continuity management strategy result in cost savings.
  7. Investments in certain data loss prevention controls and activities such as encryption and endpoint security solutions are important for preventing data breaches. This year’s study revealed a reduction in cost when companies participated in threat sharing activities and deployed data loss prevention technologies.

Download the latest Cost of a Data Breach Report from Ponemon Institute

 |  |  | 
Larry Ponemon
Chairman and Founder, Ponemon Institute

More from Security Services
November 15, 2023

Pentesting vs. Pentesting as a Service: Which is better?

5 min read - In today's quickly evolving cybersecurity landscape, organizations constantly seek the most effective ways to secure their digital assets. Penetration testing (pentesting) has emerged as a leading solution for identifying potential system vulnerabilities while closing security gaps that can lead to an attack. At the same time, a newer entrant into the security arena is Pentesting as a Service (PTaaS). Although PTaaS shares some similarities with pentesting, distinct differences make them two separate solutions. This article will discuss how these methodologies…

October 12, 2023

How I got started: Attack surface management

4 min read - As the threat landscape multiplies in sophistication and complexity, new roles in cybersecurity are presenting themselves more frequently than ever before. For example, attack surface management. These cybersecurity professionals are responsible for identifying, mapping and securing all external digital assets an organization owns or is connected to. This includes servers, domains, cloud assets and any other digital points that could be exploited by cyber criminals. Their role involves continuously monitoring these assets for vulnerabilities, misconfigurations or other potential security risks…

October 6, 2023

X-Force uncovers global NetScaler Gateway credential harvesting campaign

6 min read - This post was made possible through the contributions of Bastien Lardy, Sebastiano Marinaccio and Ruben Castillo. In September of 2023, X-Force uncovered a campaign where attackers were exploiting the vulnerability identified in CVE-2023-3519 to attack unpatched NetScaler Gateways to insert a malicious script into the HTML content of the authentication web page to capture user credentials. The campaign is another example of increased interest from cyber criminals in credentials. The 2023 X-Force cloud threat report found that 67% of cloud-related…

October 5, 2023

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature