Inside the Cost of a Breach

Larry Ponemon on Breach Evolution, Impact, Prevention

By , April 6, 2012.
The average per capita cost of a data breach is down, according to the latest Ponemon Institute study. But as the Global Payments breach shows, organizations still have many reasons to be concerned, says researcher Larry Ponemon.

"The moral of the story is organizations need to be vigilant," says Dr. Larry Ponemon, founder of the Ponemon Institute, which conducted this year's Cost of a Data Breach study with sponsorship from Symantec. "You need to keep your eye on the ball," he says in an interview with Information Security Media Group's Tom Field [transcript below].

According to the annual report, the average per capita cost of a data breach has declined from $214 per record to $194 since 2011's report. "But I don't think we should start celebrating and saying, 'Yay,'" says Ponemon, who offers his theories on the reasons behind the reduction.

Complacency is part of the equation, he says. "We think people in general may be becoming numb to the data breach notification process," Ponemon says. "Most people have received at least one data breach notice; they may not even be aware of it because they don't open their mail. They may see it as junk mail."

Another factor, he says, is the rise of intellectual property breaches, which are not a part of the annual study. "We focus on one type of data breach - the type of data breach [of personal records] that requires notification in the United States and then other parts of the world - but in reality there are other, maybe more costly, data breaches that companies are experiencing every day," Ponemon says.

To prevent breaches, organizations need to add intelligence systems to their repertoire of detection and prevention tools. These include network, traffic and security intelligence tools. "These tools help an organization achieve a higher level of transparency," Ponemon says. "It ... helps them to understand patterns that basically you want to investigate because they're irregular, they're rare events."

Having detailed intelligence can grant an organization the ability to discover an issue much faster.

Other prevention tools he recommends include data loss prevention. "It's almost hard to do it manually, especially for an organization of ... more than 100 employees," he says.

"Tools will help identify when there's an irregular outflow or something looks suspicious, and with these tools an organization could be much better, much faster at identifying a breach," Ponemon explains.

In an exclusive interview about the breach report, Ponemon discusses:

  • Why breach costs have declined;
  • Organizations' top vulnerabilities;
  • The most effective technology solutions to prevent breaches.

Ponemon is the Chairman and Founder of the Ponemon Institute, a research "think tank" dedicated to advancing privacy, data protection and information security practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Dr. Ponemon was named by Security Magazine as one of the "Most Influential People for Security."

Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

TOM FIELD: This study is in its seventh year, is that correct?

LARRY PONEMON: That's correct. This is the seventh year in the United States, and we've also conducted a comparable study in other countries, in fact eight countries in total this year.

Breach Costs Decrease

FIELD: The news everybody is talking about this year is the actual cost of a data breach decreasing. Can you talk about that a little bit, please?

PONEMON: Since we started the study seven years ago in the United States, we saw an increase in data breach cost, and it was small, sometimes not a significant increase, but a steady increase both in the total average cost of a data breach and the per capita cost, which is really a cost on a per compromised record basis. This year, we were surprised, and I was personally stunned, to see that the average cost as well as the per capita cost decreased substantially.

Follow Jeffrey Roman on Twitter: @gen_sec
