The total average cost of a data breach for companies around the world has increased to $3.8 million, up from $3.5 million a year ago, reflecting in part a higher frequency of malicious or criminal cyber attacks, according to a new report.
The Ponemon Institute’s annual Cost of a Data Breach study follows a year of high-profile attacks on such companies as Sony, JPMorgan Chase, Target, and Home Depot. The cost of a data breach is now $154 per record lost or stolen, up from $145 last year, the study says.
The report says malicious or criminal breaches are becoming more frequent and more costly. In this year’s study, they accounted for 47% of the root causes of a data breach, up from 42% last year, while costs increased to an average of $170 from $159.
Data breaches are also costing companies an increasing amount of lost business fueled by the growing awareness of identity theft and consumers’ concerns about the security of their personal data following a breach. The cost of lost business increased from a total average of $1.33 million last year to $1.57 million in 2015.
Ponemon also reported that data breaches cost the most in the United States ($217 per record, up from $201 in 2014) and Germany ($211). The lowest costs were in Brazil ($78) and India ($56).
In another recent report, Verizon cast doubt on Ponemon’s methodology, which derives a cost-per-record by dividing the sum of loss estimates by the total number of records lost. For the United States, Verizon came up with a cost-per-record in 2014 of only 58 cents based on its estimate of $400 million in losses and 700 million compromised records.