This article was originally published in 2012. It was updated and re-published on October 7, 2019.
Cyber liability is something most businesses don’t consider nearly as much as they should. Many businesses feel that they’re too small to be considered a good target for a data breach. Others assume that cyber-attackers will only target companies in the technology sector. Still others feel that their current firewalls and network security measures are more than sufficient to protect them from any potential breach attempts.
As technology advances, we will be at a higher state of risk and new exposures, such as identity theft and data breaches. If your business uses technology at all, in any capacity, you are at risk of being targeted in a data breach. Do you keep any personally identifiable information (such as Social Security numbers, bank or credit card information, or drivers’ license numbers) of clients or employees in your databases? That information could be very valuable to a would-be hacker.
The Effects of Data Breaches in 2019
Each year for the past 14 years, the Ponemon Institute releases a new installment of its annual study on the cost of a data breach. In the 2019 Annual Study: U.S. Cost of a Data Breach, we found that data breaches grew more costly for the second year in a row, with a 12 percent growth rate between 2014 and 2019.
How is a company affected by a data breach? The global average organizational cost of a data breach increased to $3.92 million (up from $3.86 million the previous year) and cost companies an average of $150 per compromised record, markedly higher when compared to $148 in 2018 and $141 in 2017. The average breach compromises 25,575 records.
Cost of a Data Breach: The Breakdown
Some of the major findings from the study include:
- The United States leads the pack in cost. The United States is the most expensive region to experience a data breach by a significant margin. The average cost of a breach in the United States costs an organization $8.19 million (up from $7.91 million), more than double the global average. The cost per breached record is also higher than the global average, at $242 per record. However, the United States did not have the highest number of average breached records; both the Middle East (38,800) and India (35,636) saw more records breached per attack.
- Healthcare is the most expensive industry. Consistent with the past several years, the healthcare industry once again saw the highest average data breach costs, with the average total cost of a breach being $6.45 million.
- Data breach costs have a long tail. 2019’s report was the first one to look into how data breaches continued to affect organizations years after the initial breach. Though the majority of costs are incurred within the first year after a data breach, one-third of costs occur more than a year after the initial breach. In organizations and industries with higher levels of regulation (such as healthcare, finance, and energy), the long-term costs are more pronounced, with 47 percent of breach costs occurring over a year after the initial breach. These costs include things such as class action lawsuits, regulatory fines, lost business, and customer turnover. 36 percent of the average total cost of a breach comes from lost business, making it the largest contributor to costs.
- The data breach life cycle is increasing, and that makes costs increase. The “life cycle” of a data breach refers to the amount of time it takes for an organization to identify and contain a breach. In 2019, the average life cycle is 279 days, a 4.9 percent increase from 2018’s 266-day average. The report also found that a longer life cycle correlates with a higher total cost.
- Malicious attacks are the most common (and costly). In previous years, negligence was identified as the top cause of breaches. In this year’s report, however, malicious and criminal attacks made up 51 percent of data breach root causes. System glitches caused 25 percent, while human error caused 24 percent. Malicious attacks also have a longer-than-average life cycle, as they take an average of 314 days to spot and contain.
- Incident response teams, plans, and encryption are the keys to reducing breach costs. The report found that incident response plans reduced the average total cost of a breach by $320,000, and incident response teams and encryption could reduce the average total cost by $360,000 each. Business continuity management, artificial intelligence platforms, employee education, and a DevSecOps approach were also among the top cost-mitigating factors.
- Some “solutions” only increase the cost of a data breach. Involving a third-party partner was the leading driver of increased cost, with their involvement being found to increase the total cost of a breach by $370,000. Compliance failures, excessive cloud migration, OT infrastructure, and system complexity were also found to increase the average total cost.
The U.S. Cost of a Data Breach Study was derived from a detailed analysis of data breaches that occurred between July 2018 and April 2019 at 507 organizations in 16 countries and regions and 17 industries.
Cyber Liability Insurance
In today’s technology-driven landscape, cyber liability insurance is an absolutely crucial insurance policy for every business to have. These policies can be custom-tailored to an operation’s individual risk profile, and provide coverage for both first- and third-party costs of a data breach, including:
- Forensic investigation costs
- Legal advice
- Breach communication notification
- Credit monitoring for customers
- Public relations
- Loss of profits and extra expense during business interruption
- Legal defense, settlements, damages, and judgments
- Regulatory fines and penalties.
About Byrnes Agency
At Byrnes Agency, we offer insurance solutions that can be tailored to meet your specific needs. Whether you’re looking for personal policies or commercial coverage, we have the right coverage for you. To learn more about our products, contact us today at one of our two locations.
If you’ve enjoyed what you’ve read here and would like to know when we’ve published a new blog post, please “like” us on our Facebook page, and share this with your Connecticut neighbors.
Phone: (860) 774-8549
394 Lake Rd
Dayville, CT 06241
Hours of Operation: Monday- Friday 9:00am-5:00pm
Phone: (860) 886-5498
6 Consumers Avenue
Norwich, CT 06360
Hours of Operation: Monday- Friday 9:00am-5:00pm