Data breaches are a hard reality for every organization. Just ask Noodles & Co. The fast-casual restaurant chain announced on June 28 a major security breach of customers’ credit card information that occurred between January 31 and June 2 and affected customer data at 44 locations in Minnesota and 37 locations in Wisconsin. These vulnerabilities cost companies and their customers plenty in terms of brand reputation, as well as dollars and cents.
Ponemon found that cybersecurity incidents continue to grow, with 64% more security incidents reported in 2015 than in 2014. The research shows that as threats grow in sophistication and complexity, company costs also increase. The average cost per compromised record is $158. Breaches in highly regulated industries were even more costly. For example, healthcare breaches cost $355 per record.
The costs are primarily associated with lack of incidence response plans, according to the research.
Leveraging an incident response team was the single biggest factor associated with reducing data breach costs. Surprisingly, 70% of companies said they have no incident response plans in place.
IBM and Ponemon recommended incident response teams to streamline the process of responding to a breach.
The annual Cost of a Data Breach Study examines both direct and indirect costs to companies dealing with data breach incidents, and was conducted through in-depth interviews with close to 400 companies globally.
“Over the many years studying the data breach experience of more than 2,000 organizations in every industry, we see that data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” said Dr. Larry Ponemon, Chairman and Founder of the Ponemon Institute, in a statement. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”
“The amount of time, effort and costs that companies face in the wake of a data breach can be devastating, and unfortunately most companies still don’t have a plan in place to deal with this process efficiently,” said Ted Julian, Vice President of Resilient, an IBM Company, in a statement. “While the risk is inevitable, having a coordinated and automated incident response plan, as well as access to the right resources and skills, can make or break how much a company is impacted by a security event.”