Data breach costs have risen 6.4% over the last year to reach a global average of $3.86 million. But they are higher in the United States — $7.91 million — and mega-breach damages can run from $40 million to $350 million, according to 2018 Cost of a Data Breach, a study sponsored by IBM Security, conducted by Ponemon Institute LLC.
But encryption and the use of incident response teams can lower the financial hit.
Consumer notification costs are also higher in the U.S. — $740,000. These costs include email bouncebacks, creation of contact databases, postal expenditures and inbound communication setups, the study states.
The U.S. also spends the most on post-breach responses, including help desk activities, inbound communications, investigations, legal expenditures, product discounts, ID protection services and regulatory interventions, the study states. Second is the Middle East, where an average of $1.47 million is spent.
In addition, the U.S. has the highest per capita costs — at $233 — and Canada is the second highest at $202. Germany is third, with $188. However, the global average is $148.
But this depends on the industry — the health sector has a per capita cost of $408.
Some 48% of the breaches studied were caused by malicious attacks, 27% by human error and 25% by system glitches. Attacks result in an average cost per record of $157, system glitches $131 and human error $128.
There is one area where the U.S. seems to do better — it is only third in the world in suffering malicious attacks, with 55% of overall breaches. Glitches cause 23% and human error causes 25%.
In contrast, 61% of the Middle East breaches are due to malicious activity.
The study also states that the faster a breach is contained, the lower the costs. Firms that identify attacks in less than 100 days saved more than $1 million, the study continues.
The mean time to identify a breach is 197 days, and to contain one 69 days. These periods are highest for criminal attacks, and lower for breaches caused by human error. And those that respond in less than 30 days save $1 million.
French and Japanese consumers are most likely to abandon a brand following a breach, producing churn rates of 4.5% apiece. The U.S. comes in fourth, with a churn rate of 3.6%. Italy has a 4.2% rate. Health and financial services have churn rates exceeding 6%, and pharmaceutical, services and technology fields also exceed the average industry churn rate of 3.4%.
The global sample includes 477 companies.