
This week’s data slides complement

Total breach costs for the claims submitted in years 2014–2017 were $202 million. The smallest breach cost reported was just $110 while the largest was $16.8 million. The average cost for the period 2014–2017 was $394,000.

Of the claims that detailed the component costs of crisis management, 62% included forensics, 31% included notification, 26% included credit/ID monitoring and 76% included legal guidance.

According to The Ponemon Institute, malicious attacks cost an average of $155.6 per capita in 2016. However, inadvertent data breaches also cost dearly. Incidents occurring as a result of a system glitch cost an average of $128.1 per capita and those caused by human error cost an average of $125.8 per capita.
Irrespective of the root cause, there is no denying that data breaches cost dearly.

Financial services and retail come in third and fourth place, with these industries being responsible for 13% and 11% of data breaches respectively.
Reflecting the lack of valuable data such as PCI and PII, education and hospitality are both responsible for just 4% of data breaches.

If less than 1% of customers take their business elsewhere, the average cost of this loss is $2.6 million. However, an increase to 3-4% of customers leaving nearly doubles the cost.
For large organizations, the likelihood of a high percentage of customers defecting is reduced due to the sheer size of their customer base. For smaller institutions, the defections can be far more pronounced and ultimately far more damaging.

In 2016, the average cost of a data breach for a company of $50 million in revenue was $195,000. For a company of $10 billion in revenue, the average cost of a breach was $1.6 million.
Meaning, a company of $50 million in revenue incurs losses equivalent to 0.39% of annual revenue, whereas a company of $10 billion in revenue incurs losses equivalent to just 0.02% of annual revenue. This gives further credence to the phrase “too big to fail.”