One of the most significant cost elements of a data breach is crisis management. Eighty-seven percent of claims (2014–2017) included costs for one or more components of crisis services. The smallest claim was $14, while the largest claim was $8.2 million. The average for crisis services was $249,000.
Of the claims that detailed the component costs of crisis management, 62% included forensics, 31% included notification, 26% included credit/ID monitoring and 76% included legal guidance.
The breaches that cost the most are a result of malicious attacks.
According to The Ponemon Institute, malicious attacks cost an average of $155.6 per capita in 2016. However, inadvertent data breaches also cost dearly. Incidents occurring as a result of a system glitch cost an average of $128.1 per capita and those caused by human error cost an average of $125.8 per capita.
Irrespective of the root cause, there is no denying that data breaches cost dearly.
While there may be an expectation that the majority of data breaches occur in financial services and retail due to these sectors being rich in highly sought payment card information, the two most frequently targeted verticals are health care and professional services, each responsible for 18% of data breaches.
Financial services and retail come in third and fourth place, with these industries being responsible for 13% and 11% of data breaches respectively.
Reflecting the lack of valuable data such as PCI and PII, education and hospitality are both responsible for just 4% of data breaches.