The average cost of a data breach is $3.62 million globally, a 10% decline from $4 million in 2016, according to a study sponsored by IBM Security and conducted by Ponemon Institute.
This is the first time since the global study was created that there has been an overall decrease in the cost. According to the study, these data breaches cost companies $141 per lost or stolen record on average.
However, many regions experienced an increased cost of a data breach. For example, the cost of a data breach in the United States was $7.35 million, a five percent increase compared to last year.
Organizations in the Middle East, Japan, South Africa, and India all experienced increased costs in 2017 compared to the four-year average costs.
Analyzing the 11 countries and two regions surveyed in the report, IBM Security identified a close correlation between the response to regulatory requirements in Europe and the overall cost of a data breach.
European countries saw% decrease in the total cost of a data breach over last year’s study. Businesses in Europe operate in a more centralized regulatory environment, while businesses in the US have unique requirements, with 48 of 50 states having their own data breach laws.
Responding to a multitude of regulatory requirements and reporting to potentially millions of consumers can be an extremely costly and resource-intensive task.
For the seventh year in a row, healthcare has topped the list as the most expensive industry for data breaches. Healthcare data breaches cost organizations $380 per record, more than 2.5 times the global average across industries at $141 per record.
The involvement of third parties in a data breach was the top contributing factor that led to an increase in the cost of a data breach, increasing the cost by $17 per record.
Incident response, encryption and education were the factors shown to have the most impact on reducing the cost of a data breach. Having an incident response team in place resulted in a $19 reduction in cost per lost or stolen record, followed by extensive use of encryption ($16 reduction per record) and employee training ($12.50 reduction per record).