July 6, 2017 By Maria Battaglia

What impact do security breaches have as the cyber landscape continues to evolve? IBM Security and the Ponemon Institute explore this question in their research: The 2017 Cost of a Data Breach Study. This annual study provides security leaders with an industry benchmark for assessing and mitigating their data breach risks.

What was one of the most significant findings? For the third year in a row, having an incident response (IR) plan stood out as the top factor for saving costs on data breaches for organizations across the globe.

A Million Dollar Idea: Incident Response Plans

Having an IR plan deployed throughout the organization was found to be the most significant cost-saving strategy. An incident response plan and a fully functional team decreased the per capita cost of a data breach from $225 to $199. In fact, organizations that can contain a breach in less than 30 days can save roughly $1 million — not to mention what they save in negative brand impact.

What were the other attention-worthy findings in the study? Factors that save costs on data breaches are employee training, participation in threat sharing and having board-level involvement in the overall security process. However, failing to be compliant was one of the biggest drivers for increasing costs for the average data breach.

Moving Up: Positive Security Trends

The study also highlighted some positive security trends. The global average cost of a data breach is down 10 percent over previous years, from $4 million to $3.62 million. The average cost for each lost or stolen record also decreased significantly from the year before, from $158 to $141.

What impacted these results? A strong U.S. dollar contributed to the decline in overall cost. Despite this drop, the cost of a breach in the U.S. went up from $7.01 million to $7.35 million — an increase of 4.9 percent. Companies in the 2017 study also experienced larger breaches, with the average size of a data breach increasing 1.8 percent.

To learn more about the average cost of a data breach, key factors that increase costs (and the strategies to keep them down), download the 2017 Cost of a Data Breach Study. For more on effective IR and cyber resilience, download our study, Cyber Resilience in the Modern SOC: Why Detection and Prevention Is Not Enough.