The cost of a data breach rose again last year, according to the annual U.S. Cost of a Data Breach Study from the Ponemon Institute. Breach costs are typically higher than companies expect, according to the report. And some costs, such as litigation, can be difficult to predict.
The study, which looked at 45 companies that suffered a breach, also examined methods, both technical and policy-oriented, that organizations employed afterward. Companies added employee awareness and training programs more often than any other change, according to the report.
The addition of these kinds of programs is “telling,” says Mike Spinney, Ponemon senior privacy analyst, as firms “are often wiser” after a breach. In addition, awareness and training are a relatively inexpensive way to make a big difference, he says.
The average lost record cost companies $204 last year, just slightly more than the $202 it cost a year earlier, but this year’s cost is about 60 percent higher than five years ago, when the first study was released. The total cost to a business of the average breach studied was $6.75 million.
(To read the rest of "Breaches Lead to Employee Training" from this month's issue of Security Management, click here.)