Global cost of data breaches reportedly decreases by 10%

According to Help Net Security, the cost of data breaches has declined by 10% from 2016 to 2017.

It’s bizarre given that all we ever read about and hear is the increasing costs of data breaches to businesses! We should also consider the fact that 2017 isn’t over yet!

The Ponemon Institute study (sponsored by IMB Security) conducts independent research on privacy, data protection and information security policy. They aim to inform companies and organisations on how to improve their data protection initiatives and therefore enhance their reputation as a trusted organisation who are being proactive in data protection.

Cost of global data breaches falling?

In the 2017 Ponemon Institute study, research suggested that the average cost of a data breach is $3.62 million (£2.77 million) worldwide. The latest report studied over 419 organisations.

This is reportedly the first time that the global study has shown a decrease in the overall cost of a data breach. Year-on-year, the trend has shown an increase in the cost, which is why this news comes as a surprise for all.

U.K. and European data breaches

The study showed that the U.K. ranked 8^th for the average number of breached records by country or region, with 21,663 data breaches in 2017 so far. Most notably, there was a significant decrease of data breaches in Europe. Analysis of 11 countries and 2 regions surveyed in the report showed a close correlation between the response to regulatory requirements in Europe and the overall cost of a data breach.

The study showed that European countries had a 26% decrease in the total cost of a data breach over last year’s study.

How will the GDPR affect the cost of data breaches?

This could be to do with the new European General Data Protection Regulations (GDPR) that will be coming into force on 25^th May 2018. The GDPR is intended to strengthen and unify data protection for all within the European Union. It has the intended effect of giving control back to citizens and residents over their personal data and to simplify the regulatory environment within the European Union.

When it comes into force it will be directly binding and applicable. The sanctions of infringing the regulations are a lot harsher than the current national sanctions. The penalties are as follows:

• A warning in writing in cases of first and non-intentional non-compliance
• Regular periodic data protection audits
• Fines of up to 20 million EUR (£17.7 million) or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater

This could’ve been one of the influencing factors on why there has been a decrease in the costs of data breaches, according to the Ponemon study. Companies and organisations could be getting their cybersecurity ready in preparation for the GDPR and putting measures in place to prevent data breaches.

It’ll be interesting to see how this trend continues following on from the implementation of the GDPR. With mandatory breach reporting being one of the requirements of the GDPR, many companies and organisations will have to notify regulators and their clients alike. As a result of the mandatory reporting, we could see an increased cost in data breaches.

Only time will tell…