Released earlier this month, the 2018 Cost of a Data Breach Study from the Ponemon Institute breaks down precisely what lost and stolen records could cost companies this year. So, there could be no better time to chat with Dr. Larry Ponemon, founder of the Ponemon Institute, about historical highlights of the annual study, how things have changed in the last decade and what’s next for corporate data breaches and cybersecurity overall.
True Tales From the 2018 Cost of a Data Breach Study
For 13 years, the Ponemon Institute study has helped companies conceptualize the real price of compromised data. Ponemon is a Navy veteran with encryption experience, a Ph.D. in accounting and time as a tenured professor, and his work on the report has given him more than a few tales to tell.
Highlights include an investment management company that lost just a few thousand records — but had a per-record cost of $10,000. Why? Because the records were taken by a high-ranking employee who switched jobs and prompted a firestorm of VIP client criticism.
Also up for discussion? The organization that was convinced it couldn’t suffer a data breach because it had a “culture of privacy.” Not only did some of the company’s information end up on the darknet, but the culprits were malicious insiders.
What’s New? Mega Breaches, AI and IoT
Ponemon notes that while most companies now understand the scope and impact of data breaches, that wasn’t the case when the first study was released. In fact, many believed breaches had no significant impact on their bottom line so long as there was no measurable stock fallout.
The 2018 study covers 477 organizations and, for the first time this year, includes data on “mega breaches.” While the per-record cost remains consistent at $148, large-scale breaches in the 50 million-record range could cost companies over $350 million.
New technologies, such as artificial intelligence (AI) and the Internet of Things (IoT), also have an impact. For example, companies with an AI platform experience a reduction in per-record cost, while those using IoT devices — which often have access to personal information — face a total cost increase.
Why the Cost of a Data Breach Could Rise
According to Ponemon, the key factors leading to increased data breach costs include stealthier attacks that are often misidentified and the expectation of new legislation, such as the General Data Protection Regulation (GDPR).
Going forward, he predicts a sharp rise in the cost of breach notification — potentially up 10 times over the next few years. But it’s not all bad news: AI and automation should help companies get better at detecting data breach threats and help them reduce their overall impact.
Listen to the podcast now for more insights and anecdotes, and don’t forget to download the complete 2018 Cost of a Data Breach Study.