The Most And Least Expensive Data Breaches:
German and USA companies have the most and costly data breaches. They also experienced the highest total cost. The least costly data breaches occurred in Brazil and India. In Brazil, the average total cost for a company was relatively higher than the ones of India.
Size Of Data Breaches:
On average, USA and Arabian region companies had data breaches that resulted in the greatest number of exposed or compromised records. On average, Japanese and Italian companies had the smallest number of breached records.
Causes Of Data Breaches Differ Among Countries:
Companies in the Arabian region and in Germany were most likely to experience a malicious or criminal attack, followed by France and Japan. Companies in India were the most likely to experience a data breach caused by system glitch or business process failure and UK companies were more likely to have a breach caused by human error.
Consolidated findings show that malicious or criminal attacks are the most costly data breaches incidents in most countries. USA and German companies experience the most expensive data breach incidents. Brazil and India had the least costly data breach caused by malicious or criminal attackers.
Factors That Decreased And Increased The Cost Of A Data Breach:
Having a strong security posture, incident response plan and CISO appointment reduced the cost per record. Factors that increased the cost were those that were caused by lost or stolen devices, third party involvement in the breach, quick notification and engagement of consultants.
Business Continuity Management Reduced The Cost Of A Breach:
For the first time, the research reveals that having business continuity management involved in remediation of the breach can reduce the cost by an average per compromised record.
France and Italy had the highest rate of abnormal customer turnover or churn following a data breach. In contrast, the Arabian region and India had the lowest rate of abnormal churn.
Countries That Spent The Most And Least On Detection And Escalation:
On average German and French organizations spent the most on detection and escalation activities such as investigating and assessing the data breach. Organizations in India and the Arabian region spent the least on detection and escalation.
Countries That Spent The Most And Least On Notification:
Typical notification costs include IT activities associated with the creation of contact databases, determination of all regulatory requirements, engagement of outside experts and other efforts to make sure victims are alerted to the fact that their personal information has been compromised. USA and German organizations on average spent the most. Brazil and India spent the least amount on notification.
Probability Of An Organization To Have A Data Breach:
As part of understanding the potential risk to an organization’s sensitive and confidential information, we thought it would be helpful to understand the probability that an organization will have a data breach. To do this, we extrapolated a subjective probability distribution for the entire sample of participating companies on the likelihood of a material data breach happening over the next two years.
The results show that a probability of a material data breach involving a minimum of 10,000 records is more than 22 percent. In addition to overall aggregated results, we find that the probability or likelihood of data breach varies considerably by country. India and Brazil have the highest estimated probability of occurrence at 30 percent, while Germany has an approximate 2 percent rate of occurrence.