What Is The True Cost Of A Data Breach?

<p><em>Protecting an organisation from a data breach could save tens of millions of euros, says <strong>Sumeet Singh</strong></em><br><br>The motives for security attacks still remain varied. Attackers may be looking for payment card data or sensitive commercial information, or may simply wish to disrupt business, but whatever the motive - all have an impact on a business. Protecting an organisation from a data breach could save tens of millions of euros, help maintain customer loyalty and shareholder confidence. But can we really quantify the true cost of a data breach?<br><br>As a part of Verizon's "2015 Data Breach Investigation Report" we have sought to build an alternative-and more accurate-approach to estimating loss as a result of a security incident. We have based the approach on actual data and consider multiple contributing factors - importantly not just number of records.<br><br>We realised that the cost of breach doesn't follow a linear model and shouldn't be reported as such. In reality, the cost per record falls as the number of records lost increases. So instead of using a simple average, we modelled how the actual cost varies with the number of records. We believe that this provides a much more reliable indicator. And our model can be used to estimate the cost for breaches experienced by all organizations.<br><br><strong>Analysing The True Cost Of A Breach</strong><br>Verizon security analysts used a new assessment model for gauging the financial impact of a security breach, based on the analysis of nearly 200 cyberliability insurance claims. The model accounts for the fact that the cost of each stolen record is directly affected by the type of data and total number of records compromised, and shows a high and low range for the cost of a lost record (i.e. credit card number, medical health record). &nbsp;<br><br>For example, the model predicts that the cost of a breach involving 10 million records will fall between $2.1 million and $5.2 million (95 per cent of the time), and depending on circumstances could range up to as much as $73.9 million. For breaches with 100 million records, the cost will fall between $5 million and $15.6 million (95 percent of the time), and could top out at $199 million.<br><br>Interestingly, this shows that a company's size has no effect on the cost of a breach. The headline-making losses reported by larger organizations can be explained by the fact that these involved the loss of more records. Breaches with a comparable number of records have a similar cost, regardless of organisation size.<br>We believe this new model for estimating the cost of a breach is ground-breaking, although there is definitely still room for refinement. We must never forget that it's rarely, if ever, less expensive to suffer a breach than to put the proper defense in place.<br><br>Comprehensive security isn't a business luxury, it is a daily necessity.<br><br><em>The author is Head - Security Engineering, Asia Pacific, at Verizon Enterprise Solutions</em></p>