This, today from the National Journal ...

"The federal government is expecting to spend more than $500 million in the next five years to manage data breaches. The money will be spent to clean up the damage that results from exposed data which often includes private information such as email passwords, credit card numbers and social security numbers. The government is budgeting this money to pay contractors that can manage these events."

The 2015 Ponemon Institute's Cost of Data Breach Study examined the cost incurred by 62 U.S. companies across 16 industry sectors.

According to this year's benchmark findings, data breaches cost companies an average of $217 per compromised record, of which $143 pertains to indirect costs which include abnormal customer turnover, and $74 represents the direct costs incurred to resolve the data breach such as investments in tech and legal fees.

According to the study, malicious attacks continue to be the primary cause of data breaches, accounting for 49% of incidents. Nineteen percent concerned employee negligence and 32% involved IT and business process failures.

The total average organizational cost in 2014 rose to $6.53 million. The study suggests steps to decrease the cost of a breach, but diligence and up-front investments appear to be front and center.

The statistics are chilling and should serve as a wake-up call that has been ringing off the hook for several years.

The Feds are obviously concerned as they will be investing in excess of 15X the average rate of a U.S. firm's cost for the next 5 years, at minimum, to manage these expected events.

Note to the Feds: How about managing increased security before the breach event?
