Data Breaches Response Costs Continue to Rise

Nossaman LLP
Contact
LinkedIn
Facebook
X
Send
Embed

SEC Chair Mary Jo White recently opined that cyber security is the biggest risk facing the United States financial system.  Companies should take heed of that warning in light of the release of the 2016 Cost of Data Breach Study by IBM and the Ponemon Institute, which showed that average response costs for data breaches continue to rise.

According to that study, the total average cost of data breach incidents to companies located in the United States increased from $6.53 million to $7.01 million between 2014 and 2015.  That represents an approximate 7% increase in the average cost of responding to a data breach.  The study observed that, over its 11 year history, there has not been significant fluctuation in the response cost.  While this might seem comforting, IBM and the Ponemon Institute note that this indicates another chilling likelihood: “it is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”  In addition, the biggest financial consequence to organizations that have experienced a breach is not the cost of responding to the data breach (which is onerous), but the loss of business.

This sobering analysis supports Chair White’s concerns about data security risks and underscores the severity of the problem.  Given the staggering cost of data breaches, a firm should plan well in advance to mitigate its exposure to such costs.  For example, the study also provided that while half of all data breaches resulted from a malicious attack, “23 percent of incidents were caused by negligent employees, and 27 percent involved system glitches that included both IT and business process failures.”  That means half of the breaches might have been avoided with proper training and IT protocols.  Given that data breaches aren’t going to go away, companies should consider factors noted in the study that decrease the cost of responding to data breaches, including “[i]ncident response plans and teams in place, extensive use of encryption, employee training, BCM involvement or extensive use of DLP.”  Companies may also wish to consider cyber-insurance policies to help bear the costs associated with data breaches.  But given the alarming costs detailed in the study, companies should keep in mind the old adage that an ounce of prevention is worth a pound of cure.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Nossaman LLP | Attorney Advertising

Written by:

Nossaman LLP
Nossaman LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Nossaman LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide