The Average Cost of a Data Breach Is Now $4 Million

Reader Orome1 writes: The average data breach cost has grown to $4 million, representing a 29 percent increase since 2013, according to a report by Ponemon Institute. Cybersecurity incidents continue to grow in both volume and sophistication, with 64 percent more security incidents reported in 2015 than in 2014. As these threats become more complex, the cost to companies continues to rise. In fact, companies lose $158 per compromised record. Breaches in highly regulated industries like healthcare were even more costly, reaching $355 per record -- a full $100 more than in 2013.

Could this be slightly overestimated?

[dmomo]

Because of this:

"Work with IT or outside security experts to quickly identify the source of the breach and stop any more data leakage"

I imagine this includes doing a security audit, and fixing any holes, which should be done regardless of a breach. Perhaps the breach even made it easier to find certain holes.

Should be higher

[campuscodi]

Should be higher. That way companies would fix their s***!

Re:Inflation

[DarkOx]

do you calculate in the time of your own IT staff that you would be paying anyway

and they answer should be 'yes'.

Presumably your IT staff would be doing something else to facilitate the operation of the business that justifies the on going expense of having them on board, otherwise you would not be paying them anyway. So if they are taken away from those activities to respond to the breach either you are incurring losses at least equal to the cost of those employees elsewhere where they can no longer add value; or you have to incur probably greater costs hiring contractors to replace their other effort short term.

Either way its correct to count the staff time spent responding to the breach as a cost of the breach. They only way it would not be correct to do so is if you knew or believed that staff was otherwise dead weight already.