A data breach is an event in which an individual's personal information is put at risk, in either electronic or paper format. Such personal information may include an individual's name, medical record, financial record or debit card. Data breaches are mainly caused by malicious or criminal attacks, system glitches or human error. The cost of a data breach can vary according to the cause and the protective measures in place at the time of the breach. (Reading Ways to secure your database may also be helpful to you.)

A compromised record is information that identifies the natural person (individual) whose information has been lost or stolen in the data breach. Examples include a health insurer's record of a policyholder with physician and payment information, or a retail company's database with an individual's name associated with credit card information and other personally identifiable information.


To estimate the cost of the frequent data breaches in different companies and organizations, data must be collected from them. Well-collected, in-depth qualitative data is paramount, so interviews are the main method used. This is done over a certain period of time, maybe ten months, to ensure that all the information needed for a proper evaluation of the data breach is acquired. The interviews are conducted with individuals within the IT department because they have knowledge of their organization's data breach and the costs associated with resolving such breaches. For privacy reasons, no organization-specific information should be collected.

To calculate the average cost of a data breach, both the direct and the indirect expenses incurred by the organization are counted. Direct expenses include engaging forensic experts, outsourcing hotline support, and providing free credit monitoring subscriptions and discounts for future products and services. Indirect costs include in-house investigations and communications, as well as the extrapolated value of customer loss resulting from turnover or diminished customer acquisition rates.

The average cost of data breach research does not apply to catastrophic or mega data breaches, because these are not the type of breach that most organizations experience. Hence the annual cost of data breach research is not to be used to calculate the consequences of a mega breach, such as those involving millions of lost or stolen records.

Each year the study involves a different sample of companies. To maintain consistency, the same sample of companies is not studied over time; instead, matched companies with similar characteristics are recruited, such as the company's industry, headcount, geographic footprint and size of data breach.
