Study: Data breaches average $3.8 million
Data breaches are increasing not just in number, but in cost, too.
The average data breach set companies back $3.8 million in 2014, up from $3.5 million the year prior, according to a study by data security researcher Ponemon that was funded by IBM.
{mosads}Companies are also now paying an average of $154 per stolen record, up from $145.
The increasing sophistication of cyber crime groups is driving up the costs of recovery after an attack, the study said. Companies often have to bring in a third party to investigate, repair the network and offer credit monitoring services for victims.
“Most of what’s occurring is through organized crime,” Caleb Barlow, vice president of IBM Security, told Reuters. “These are well-funded groups. They work Monday to Friday. They are probably better funded and better staffed than a lot people who are trying to defend against them.”
In February, researchers at Kaspersky Lab uncovered a globe-spanning cyber mafia that was digitally infiltrating banks and monitoring employees to imitate their network activity. Over two years, it’s estimated the group has slowly withdrawn nearly $1 billion from financial firms in 30 countries.
It’s just one example of the growing complexity of the criminal rings behind these cyber schemes.
Other major breaches over the last year at major retailers like Home Depot, banks like JPMorgan Chase, health insurers like Anthem and universities like Pennsylvania State University show that no industry is being spared.
Healthcare and education breaches are the most costly because of the sensitivity of the data stolen. For instance, Anthem’s breach exposed nearly 80 million Social Security numbers, which cannot be changed like a reissued credit card.
Each stolen healthcare record costs a company $363; each lost education record is $300.
IBM offers cybersecurity services for companies, giving the company a financial incentive to highlight the cost of data breaches.
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..