Each year, Ponemon Institute surveys organisations around the world to estimate the financial effects of data breaches. Its 2019 report found that the average cost was $3.92 million (about £3.18 million).
This is a steady increase on last year’s total of $3.86 million, which is perhaps to be expected, given that breaches are getting larger and organisations are failing to stay on top of the ever-changing threat landscape.
One potential surprise is that the GDPR (General Data Protection Regulation) hasn’t done more to curb the effects of data breaches. However, this is a global report, so only some of the 507 organisations surveyed are subject to its requirements.
Back where we started
Ponemon Institute has been tracking the cost of data breaches for 14 years, and its results have almost always been disheartening, with the associated costs of security incidents increasing most years.
The only recent instance to buck the trend was 2017, in which the cost of a data breach decreased from $4 million to $3.62 million. That drop-off can partly be attributed to the strong value of the US dollar at the time, with the 2017 report estimating a 48% swing on account of currency fluctuation.
The remaining 52% was down to organisations doing a better job preparing for breaches than in previous years.
Since then, cyber criminals have hit back with a barrage of attacks that use new and more sophisticated methods.
For example, ransomware has been highly lucrative, as criminals have specifically targeted organisations that are likely to pay up. This has tended to be those that provide essential services, like governments and hospitals, which are often obliged to preserve access to their systems.
Whether you pay up or not (although, for the record, you shouldn’t), the ransomware will disrupt business operations and cost you money in lost productivity. With that in mind, the ransom payment itself generally accounts for only a fraction of the total cost of a ransomware attack.
The cost of a data breach is now approaching the level it was in 2016, which was the highest it’s ever been. The good news is that the rate of increase slowed to 1.5% this year, and organisations are more aware than ever of the importance of data protection.
We wouldn’t be surprised to see the increase slow further over the next year and maybe even decrease. Of course, that can’t happen unless organisations continue to invest in measures to help prevent security incidents and respond to breaches quickly and effectively.
Get started with a DPIA
Any organisation that’s serious about cyber security should complete a DPIA (data protection impact assessment).
This is a process that helps you identify and minimise risks that result from data processing. It should be performed whenever you introduce new data processing activities, systems or technologies.
If you’re subject to the GDPR, it’s even more important that you conduct DPIAs. The Regulation requires that organisations conduct them if they:
- Use systematic and extensive profiling with significant effects;
- Process special category or criminal offence data on a large scale; or
- Systematically monitor publicly accessible places on a large scale.
DPIAs are also important tools for accountability. They not only help data controllers comply with the requirements of the GDPR but also demonstrate that appropriate measures have been taken to ensure their compliance.
How Vigilant Software can help
Our DPIA Tool simplifies and accelerates the assessment process, helping you meet your GDPR requirements with minimal fuss.
Use the tool to:
- Quickly determine whether you need to conduct a DPIA;
- Conduct consistent, comprehensive DPIAs;
- Identify risks and determine the likelihood of their occurrence and impact;
- Easily review and update DPIAs when changes in processing activities occur; and
- Easily share information with stakeholders and your supervisory authority.
The built-in templates ensure your data protection processes are aligned with the GDPR. You can save time, reduce errors and easily demonstrate how you comply with your data protection obligations.