
Analysis: Ponemon Breach Cost Study

A Deep-Dive Into 10 Years of Breach Data
Larry Ponemon

Larry Ponemon, founder and chairman of the Ponemon Institute, offers an in-depth analysis of the results of the organization's 10th study of the costs of data breaches, which found, for example, that rapid growth in hacker attacks is leading to escalating costs.

In an extensive interview with Information Security Media Group, Ponemon notes that the Cost of a Data Breach Study shows the costs have hit new highs for all industry sectors in all global markets.

In the financial services sector, the cost of breaches has increased, in part, because of the heightened investments banks and credit unions have been making in breach mitigation technology. "We find that businesses are spending more on breach detection technology and prevention, and that is a cost that's actually good," Ponemon says.

Healthcare, Retail See More Breaches

But the healthcare and retail sectors, in particular, have seen breach costs skyrocket as cyber-attacks have multiplied.

The healthcare sector is being targeted because health records can be sold for top dollar in the underground economy, he says.

And in the wake of the November 2013 breach at Target, which was followed by a host of other major breaches, retailers have suffered from reputational damage, increased fraud-recovery expenses and the need to invest in better breach-prevention solutions, Ponemon says.

"Historically, retail has been on the lower end ... relative to the cost of data breaches," Ponemon says. "But this year [the retail sector] moved to the upper middle to the high point of the curve."

About the Study

This year's study is based on information provided by 350 companies in 11 countries, Ponemon says. While the U.S. had the highest costs associated with data breaches, at $217 per breached record, Germany came in a close second, followed by the United Kingdom and France.

"We use a tool to aggregate direct and indirect costs," Ponemon says. "We actually track 188 different potential activities," including breach detection and notification.

During this interview, Ponemon discusses:

  • Factors that determine the likelihood that a company or business will be breached more than once;
  • Why the cost of breaches varies dramatically depending on regulatory mandates and breach notification laws; and
  • Why data breaches are becoming more frequent and larger.

In 2002, Ponemon founded the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices. He also is an adjunct professor for ethics and privacy at Carnegie Mellon University's CIO Institute.
