The cost of data breaches to businesses is high, and it is growing, especially in the United States. According to the 2014 Cost of Data Breach Study, conducted by IBM and Ponemon Institute, the average cost of a data breach is up fifteen percent worldwide, to $3.5 million. However, the U.S. leads the upper end of the curve, with an average data breach costing companies $5.85 million, up from the 2013 average of $5.4 million.
Total cost is not the only measure on which U.S. businesses pay more for data breaches: we also led the curve in cost per individual record and in the size of breaches recorded, the study shows. This data does not include so-called “mega breaches,” such as the Target breach in the winter of last year, since such breaches are extremely rare and outside the norm.
Given the findings of the study, it seems clear that companies must seek to minimize data breaches, and the associated costs, wherever and however they can. That’s why DMA has always made data stewardship a keystone of our Ethical Business Guidelines regarding responsible data use. Companies not only owe it to their customers to protect their data—they also owe it to themselves to proactively prepare and do as much as possible to minimize costly losses of time, resources, and money that go into repairing data breaches and mopping up the aftermath.
Our recently updated 2014 Ethical Business Guidelines contain more specific guidance regarding data protection, such as “BYD” (bring your own devices) training for employees who handle data records. DMA has also asked Congress to pass national legislation on breach notification that will make it easier for businesses to respond, given that we currently have a system of 47 different state laws.
The Ponemon Institute’s study also found that data breaches involve “costs” other than fiscal ones: customers were less likely to be loyal to a company or brand after a data breach, especially in the financial services industry. There is good news, however: the study found that the costs could be mitigated by having business continuity management involved in the remediation of a breach. DMA’s Guidelines include a checklist for establishing a published privacy and security policy to follow in the event of a breach.
Make sure to protect your company and your customers from malicious hackers by using best practices to prevent data breaches, and by having a set policy already in place to deal with data breaches if the unthinkable happens. For more information, see our Guidelines, and also check out the presentation deck from our recent webinar on Retailer Readiness for Data Breaches.