According to the 2016 Cost of Data Breach Study put out by the Ponemon Institute (and in conjunction with IBM), the average cost of an enterprise data breach jumped up to $4 million. That’s a five percent bump over 2015, though the cost of data breaches hasn’t varied much since the study began in 2005.
Not surprisingly, most of the data breaches of 2015 (48 percent) were caused by hackers and malicious insiders as opposed to a fat-fingered misconfiguration of a security device. But that doesn’t mean mistakes were insignificant – human error contributed to 25 percent of the breaches, whereas 27 percent were attributed to system glitches.
Hot Ticket Healthcare Records
For those who are responsible for the prevention of a data breach, you can save your organization a significant sum. The average cost of a breached data record was $158, but regulated industries like banking, financial services and healthcare found that their cost on a per-record level was significantly higher than average. Healthcare tipped the scales with a whopping cost of $355 per record breached.
One of the more frightening conclusions of the study was that Ponemon believes that it has enough data to establish the probability an organization will experience a data breach of at least 10,000 records in the next two years: it’s one in four (26 percent).
While these statistics are pretty bleak, there are some early signals you can look for to avoid being that one in four. Your attack surface has several Indicators of Exposure (IOEs) that can be tell-tale signs that you’re prone to attack. Those include device misconfigurations and overly permissive access rules that make it easier for malicious attackers and rogue insiders to get in and around critical parts of your network. They also include new, exposed or suspiciously dense software vulnerabilities on your network devices and endpoints. Understanding these indicators and directing your security teams to resolve the most critical ones first can mean the difference between secure networks, a minor incident or headline news.
So . . . do you need to add a $4 million line item to your budget?
Source: “2016 Cost of Data Breach Study: Global Analysis.” Ponemon Institute. June 2016. http://www-03.ibm.com/security/data-breach/
By better understanding your security controls already in place and getting a better handle on software vulnerabilities, you can significantly reduce your attack surface and likelihood of needing an extra $2-4 million in your budget. To learn more about how Skybox Security can help you reduce your attack surface and exposure to breaches from hackers and malicious insiders, visit our solutions page to select your industry.