ALM Properties, Inc.
Page printed from: Corporate Counsel
What to Do About High Data Breach Costs
Law Technology News
It's not always good to be Number One. According to a newly released report from the Ponemon Institute, the U.S. is the most costly country in the world in which to have a data breach. In its "2013 Cost of Data Breach: Global Analysis" study, Ponemon reported the total cost of a breach incident in the U.S. to be $5.4 million, or approximately $188 for every exposed record.
Lost business costs, such as abnormal turnover of customers, reputational harm and diminished goodwill, associated with a data breach averaged over $3.03 million in the U.S. Notification costs are a leading driver of total breach response costs, and giving notice too soon can raise that cost even higher, according to the report. Although the most expensive breaches were those caused by malicious attacks by hackers or criminal insiders, the majority of breaches, 63 percent, resulted from either negligence or system glitches.
Costs associated with data breaches were highest in heavily regulated industries, such as health care, financial, and pharmaceutical businesses. The per capita cost was $233 for healthcare organizations, $215 for financial businesses, and $207 for pharmaceutical companies, all well above the overall mean cost of $136. Public sector organizations and retailers had the lowest per capita cost, coming in at $81 and $78 respectively.
Faced with continuing front-page stories of cyberattacks and data breaches, all entities must avoid a "who would want my data" approach to issues of data security and breaches, and instead adopt a "when, not if" mindset. The good news, as confirmed by the Ponemon study, is that implementing robust IT systems, such as intrusion detection or protection systems, and business processes to minimize and mitigate the risk of a data breach really pays off.
An internal risk management program, including the establishment of strong policies and procedures, training, and insurance, can reduce the chances of a data breach and mitigate the damages if a breach occurs. Ponemon found that implementing solid data security practices translates into significant savings if a breach occurs. Having an in-place data breach response plan cut per record costs by approximately $42. Maintaining a strong security posture reduced costs by $34, and appointing a chief information security officer saved another $13.
Steps organizations should take to manage and mitigate the risks of a data breach include:
Cyberinsurance can help organizations respond to and mitigate the potentially devastating consequences of a data breach. Most cyberinsurance policies provide invaluable assistance to help the insured respond to a breach, including first-party coverage for an attorney breach coach, forensic technicians, notification providers, credit monitoring services, crisis management professionals, and third-party liability coverage for legal defense costs and fines. Many insurers have experienced teams of professionals ready to spring into action in the crucial period directly following a breach event and to defend against any lawsuits that may arise from the breach. Cyberinsurance can provide a lifeline, particularly for small and midsize businesses that are victimized by a data breach.
As confirmed by the Ponemon study, putting systems and procedures in place to improve data security and to respond to breach incidents substantially reduces the impact and negative consequences of a data breach. The stakes couldn't be higher, but taking a proactive approach can significantly mitigate the risks.
Judy Selby is a partner at Baker & Hostetler. Email: email@example.com.
This article originally appeared in Law Technology News.