The healthcare industry had the second highest number of days to identify and contain a data breach, around 350 days, according to a recent study by The Ponemon Institute and IBM.
The healthcare industry was second only to the entertainment industry, which took 367 days. Financial services had the fewest number of days to identify and contain a data breach, 217 days.
Financial services had the highest frequency of data breaches, followed by services, and industrial and manufacturing. Healthcare was well down the list of industries in terms of frequency of data breaches.
The study also found organizations that use proactive data recovery planning decreased the cost and frequency of data breaches by more than 30 percent.
The study found that the longer it takes to identify, contain, and recover from a data breach, the more significant the time, money, and resources it consumes.
On average, companies that have business continuity management (BCM) programs saved 44 days in the identification of a data breach, 38 days in the containment of a data breach, and 31 days in recovery from a data breach.
In addition, organizations with BCM programs had a $9.3 reduction in the per capita cost of a data breach, a 6.5 percent reduction in the per capita cost of a data breach, and a 32 percent decrease in the likelihood of a data breach over the next 2 years.
Sixty percent of the study participants who have a disaster recovery program currently use automation and/or orchestration. These organizations have been able to reduce the mean time to identify, contain and recover from a data breach by more than 30 percent; reduce the average daily cost of a data breach by more than half; reduce the chance of disruption to material business operations by more than 20 percent, and reduce the likelihood of a data breach recurring by more than 30 percent.
“Our research over the last few years continues to confirm that the proactive steps business leaders and organizations are taking to protect and recover critical data are working,” said Ponemon Institute Chairman and Founder Larry Ponemon. “These actions can improve the bottom line, make businesses more efficient, and give customers more confidence to entrust the enterprise with their data.”
This study is a follow-up to the Cost of a Data Breach study that Ponemon and IBM released earlier this year. That study found that healthcare data breach costs average $408 per record, the highest of any industry for the eighth straight year and three times higher than the cross-industry average of $148 per record. Last year, the average cost was $380 per record for a healthcare data breach.
The average cost of a data breach across industries and countries is $3.86 million, a 6.4 percent increase from 2017 and a nearly 10 percent net increase over the past five years.
The IBM-Ponemon study compared the cost of data breaches in different industries and regions. It found that data breaches are the costliest in the United States and the Middle East, and least costly in Brazil and India.
One factor affecting data breach cost in the United States was the cost of lost business, which was $4.2 million, more than double the “lost business costs” of any other region surveyed.
The study found that hidden costs in data breaches are difficult and expensive to manage. Based on interviews with nearly 500 companies that experienced a data breach, the study analyzed hundreds of cost factors surrounding a breach, from technical investigations and recovery, to notifications, legal and regulatory activities, and cost of lost business and reputation.
For mega breaches, the biggest expense category was costs associated with lost business, which the report estimated at nearly $118 million for breaches of 50 million records, almost a third of the total cost of a breach this size.