As companies continue to infuse technology into their businessmodels, they must also keep up with an ever-changing digitallandscape. In 2017 and beyond, companies need to considertheir cybersecurity practices.

As cyber attacks continue to rise in frequency andsophistication, companies should also consider where data breachesare occurring. For those looking to understand data breaches bycountry, the latest report from IBM Security and Ponemon Institutesheds light on such a topic.

Sponsored by IBM Security and conducted by Ponemon Institute,the study found that the average cost of a data breachis $3.62 million globally, a 10% decline since 2016.

To explore the complete report, visit the IBMSecurity Data Breach Calculator, an interactive tool thatallows you to manipulate report data and visualize the cost of adata breach across locations and industries, and understand howdifferent factors affect breach costs.

The costs by region

In the 2017 global study, the overall cost of a data breachdecreased to $3.62 million, which is down 10% from $4 million lastyear. While global costs decreased, many regions experienced an increase.

In the U.S., the cost of a data breach was $7.35 million, a 5%increase compared to last year. When compared to other regions,U.S. organizations experienced the most expensive data breaches inthe 2017 report. In the Middle East, organizations saw the secondhighest average cost of a data breach at $4.94 million— an uptick of 10% compared with the previousyear. Canada ranked third with data breaches costing organizations$4.31 million on average.

European nations experienced the most significantdecrease in costs. Germany, France, Italy and the U.K.experienced significant decreases compared to the four-year averagecosts. Australia, Canada and Brazil also experienced decreasedcosts compared to the four-year average cost of a data breach.

Time is money when you're containing a data breach

For the third year in a row, the study found that having anIncident Response (IR) Team in place significantly reduced the costof a data breach. IR teams, along with a formal incident responseplan, can assist organizations to navigate the complicated aspectsof containing a data breach to mitigate further losses.

According to the study, the cost of a data breach was nearly $1million lower on average for organizations that were able tocontain a data breach in less than 30 days compared to those thattook longer than 30 days. The speed of response will beincreasingly critical as General Data Protection Regulation (GDPR)is implemented in May 2018, which will require organizations doing business in Europe toreport data breaches within 72 hours or risk facing fines of up to4% of their global annual turnover.

There's still room for improvement fororganizations when it comes to the time to identify and respondto a breach. On average, organizations took more than six months toidentify a breach, and more than 66 additional days to contain abreach once discovered.

|

Additional key findings

— For the seventh year in a row, healthcare topped the listas the most expensive industry for data breaches. Healthcare data breaches cost organizations$380 per record, more than 2.5 times the global average overallcost at $141 per record.

— Close to half of all data breaches (47%) were causedby malicious or criminal attacks, resulting in anaverage of $156 per record to resolve.

— Data breaches resulting from third party involvement werethe top contributing factor that led to an increase in the cost ofa data breach, increasing the cost $17 per record. The takeaway:Organizations need to evaluate the security posture of theirthird-party providers— including payroll, cloud providers and CRMsoftware — to ensure the security ofemployee and customer data.

— Incident response, encryption and education were thefactors shown to have the most impact on reducing the cost of adata breach. Having an incident response team in place resulted in$19 reduction in cost per lost or stolen record, followed byextensive use of encryption ($16 reduction per record) and employeetraining ($12.5 reduction per record).

From: PropertyCasualty360