The average data breach is more than just a disruption: a new study found that it carries a major financial cost as well. According to an October 9 NetDiligence study, the insurance costs related to the average data breach came to $3.7 million last year. In comparison, the average breach cost $2.4 million in 2010.
From 2009 to 2011, 1.4 million records were exposed from lax cybersecurity, a decrease of 18 percent over that two-year period. Each breach cost insurers between $25,000 and $200,000, with the average insurance cost for crisis management services increasing by more than $180,000 to close to $990,000, Business Insurance reported.
In total, the Identity Theft Resource Center reported that 2011 saw 23 million confidential records exposed through more than 414 reported breaches. Interestingly, while there was a 44 percent increase in the number of records exposed from 2010 to last year, there was a 37 percent decrease in the number of reported breaches during that same period.
Last year saw some of the biggest data breaches to date, the report noted, including incidents targeting Sony and the Texas Comptroller’s Office. Additionally, the type of data exposed was found to be more damaging. More than 40 percent of the data exposed was personally identifiable, an increase of 27 percent from 2010.
The sectors most commonly affected by data breaches were healthcare and business. In 2011, 15 percent of all data exposed through data breaches was related to healthcare, a 16 percent increase from the previous year. Out of all insurance claims made on exposed information, 20 percent came from healthcare, according to Business Insurance.
Reasons for the increases
Part of the reason for the increase in announced data breaches in 2011 was a reclassification of information considered personally identifiable. During that year, ZIP codes and email addresses were for the first time deemed to be critical information, according to NetDiligence.
One of the most worrisome trends cited by NetDiligence was that, despite the increases in cost and damages of data breaches, IT layered security still is not a high priority. In 2011, 39 percent of executives surveyed said they reviewed their security solutions annually. Two years prior, 52 percent said they conducted a yearly review. The lack of internal oversight shows that an increase in risk associated with a data breach is not leading organizations to implement more stringent layered security measures like application control.
Why do you think 2011 saw an increase in the amount and cost of data breaches? What can companies do to mitigate the risk? Leave your comments below to let us know what you think about these findings!