What is the True Cost of a Data Breach?

This week, TITUS released an infographic that contains some sobering figures about the true cost of a data security breach. While lost data can mean lost intellectual property (which is hard to place an accurate value on), it most certainly would include fines, expensive customer communications, lawsuits, and an evaluation of technology and/or policy.  All totaled, the Ponemon Institute’s 2014 Cost of a Data Breach Study pegs the cost of a lost record in the US at $195 per record – up from $188 in 2013.

And the likelihood that a data breach will happen to your organization might be much higher than you think. Consider this for just a moment:

60% of your workforce exchanges data with 10 or more people daily.

That is a lot of information being exchanged with a lot of different people. Is it surprising then, that 84% of all organizations have suffered a staff-related data breach?

I don’t think so.

Cost of Data Breach ScreenshotPeople are constantly addressing email to the wrong recipient, saving multiple copies of information (sometimes to unsecured or unauthorized locations), and working with data outside the office from mobile devices. Sensitive information is getting around. Given this, it is surprising how little companies are investing in employee security training to prevent unnecessary breaches from happening. According to Forrester, only 42% of the North American and European workforce claim to have received data security training. Clearly, senior management is not placing enough emphasis on employee data security awareness. According to data uncovered in the Cost of a Data Breach infographic, even traditional user awareness training has a more positive return on the cost of a data breach than implementing a data loss prevention (DLP) system. Imagine then the benefits of adding a classification tool like TITUS which continually reminds users about the sensitivity of the data and involves them in maintaining data security. In addition, TITUS classifications provide identity to the data which DLP systems can leverage for accurate policy enforcement, thereby enhancing their effectiveness and ROI.

Since 89% of data breaches could have been prevented, isn’t a moderate investment in prevention worth the millions of Pounds…or Dollars…or Yen… of cure?

Leave a Reply