Corporate Compliance Insights

Data Breach Costs and Attacks Continue to Increase in 2019

The Growing Economic Burden of a Data Breach

by Kelly Frey and Joseph Damon
September 20, 2019
in Cybersecurity, Featured

With the average cost of a data breach in 2019 as high as $3.9 million, it’s imperative for companies to understand the increasing risks, rising costs and expanding customer turnover rates associated with breaches – and to plan accordingly. Nelson Mullins’ Kelly Frey and Joseph Damon discuss.

In its new 2019 Cost of a Data Breach Study for IBM, the Ponemon Institute[1] continues to track the escalating year-over-year costs of data breaches. According to the study, the average total cost of a data breach increased from $3.86 million to $3.92 million, and the average cost for each lost record increased from $148 to $150. And while the rate of increase this year is less than in prior years, the total costs of data breaches across industries continue to climb. And there’s evidence that a single breach can have continuing, year-over-year costs after the breach is discovered and remediated.

The study this year also suggests that “the loss of customer trust [related to a data breach] has serious financial consequences, and [at 36 percent of total average breach costs] lost business is the largest of the four major cost categories contributing to the total cost of a data breach.”

A data breach typically involves situations where confidential, sensitive or personally identifiable information (the elements of which may be defined by state law or federal regulation) is accessed or used without permission or proper authorization. Breaches can occur when laptops containing sensitive information are lost or stolen, when disgruntled employees or third parties access or download such information or when cybercriminals/cyberterrorists gain access for profit or political reasons.[2] As such breaches increase in frequency, ingenuity and prevalence, companies are looking to studies such as Ponemon’s to justify the continued increases in cybersecurity spending.[3]

Ponemon provides ample evidence for such justification. The study notes that the costs of a data breach for organizations that invested in an incident response team and testing of their response plans were over 25 percent less than for organizations that failed to take such preemptive actions (an average savings of over $1.2 million per breach).

Ponemon also presents new evidence of how data breach costs are incurred. Not only does a single data breach result in immediate costs, but such costs can extend over multiple years. In general, about two-thirds of breach costs are estimated to occur in year one, 22 percent in the second year after a breach and 11 percent in year three. Such extended losses are greater in highly regulated industries, such as health care and finance, where 53 percent of breach costs are recognized in the first year, 32 percent in the second year and 16 percent more than two years after a breach. The study also notes the relationship between customer turnover and costs related to a data breach.

But perhaps the two most disturbing trends noted by this year’s survey relate to the life cycle and nature of cybersecurity attacks.

Disturbing Trends

The study notes that the average time to identify a breach in 2019 was 209 days, and the average time to contain a breach was 73 days, for a total of 279 days – almost a 5 percent increase over the 2018 life cycle of 266 days. This life cycle to containment is critical with respect to costs, as breaches with life cycles of less than 200 days typically create costs one-third lower than breaches with life cycles over 200 days.

The study also noted that malicious cyberattacks are the most common and most expensive of the breaches studied (increasing over 20 percent between 2014 and 2019). Malicious cyberattacks also have a longer life cycle (averaging 314 days) and are more costly (by 27 percent over human error breaches and 37 percent over system bugs and glitches).

But while malicious cyberattacks are now the most common cause of a breach, human errors and system glitches still represent 49 percent of data breaches studied by Ponemon (including the common phishing attacks all companies seem to be victims of these days).

Increasing vendor usage also presents significant potential risks for cyberattacks. Ponemon found that out of 26 factors contributing to the cost of a data breach, “the five that contributed the most cost were third-party involvement, compliance failures, extensive cloud migration, system complexity and operational technology.” Such factors acted as “major cost amplifiers” of a data breach.

And if increasing costs were not disturbing enough, the study indicates that the percentage chance of experiencing a data breach within two years has now risen to almost 30 percent (a 31 percent increase over the last six years).

With the 2019 study, Ponemon continues to present a series of snapshots in time that illustrate the increasing risks, rising costs and expanding customer turnover rates related to data breaches. But these snapshots also suggest immediate mitigation strategies that may save time (and money) when the inevitable breach occurs; strategies range from simple encryption requirements to expanded internal compliance and training. The key is planning and reasoned organizational integration of the staffing, training and systems required as a result of the increasing threats to a company’s digital assets.

The final caution: “Smugness” over not having experienced a data breach is not appropriate.[4] Given that, on average, it takes over 200 days even to identify a data breach, and given the increasing probability of such a breach, you may already have a multimillion-dollar data breach liability – you just don’t know about it yet.


[1] https://www.ibm.com/security/data-breach

[2] See generally Frey, Cyber-warfare, cyber-terrorism, and cyber-crime, Financier Worldwide, April 2013.

[3] Bloomberg reports that the cost of top cybersecurity experts to serve as Chief Information/Data Security Officer has quadrupled (with annual compensation at public companies ramping from $600,00 to over $2.5M in 2019). Bloomberg Reports, telecast July 7, 2019.

[4] See generally, https://en.wikipedia.org/wiki/Smug_Alert!


Tags: cyber crime, data breach, PII, third party risk management
Kelly Frey and Joseph Damon

Kelly Frey is a partner in the Nashville office of Nelson Mullins Riley & Scarborough LLP, where he represents clients in corporate acquisitions and divestitures, technology transactions and corporate compliance.
Joseph Damon is an associate in the Nashville office of Nelson Mullins Riley & Scarborough LLP, where he advises clients on technology licensing and sourcing matters.
