Understand the impact of today's security breaches by attending our June 26th webinar which will discuss the 2017 Ponemon Cost of a Data Breach study.
Join Ponemon Institute and IBM Security Services on June 26th for a webinar discussing the impact of today’s security breaches based on the latest release of the 2017 Cost of Data Breach Study.
Register for IBM Security Services Webinar highlighting Ponemon Institute 2017 Cost of Data Breach Study
The 12th annual Cost of Data Breach Study conducted by Ponemon Institute and sponsored by IBM Security Services calculates the real costs, implications and probabilities of security breaches faced by global organizations.
This webinar will present global findings highlighting trends across 11 countries and 2 regions. Attendees will have access to industry experts for live Q/A and will walk away with key insights, cost reducing strategies, investments and proactive best practices to reduce impact to their businesses in preparation for the next breach.
Join IBM Security Services and Larry Ponemon, founder of the Ponemon Institute, as he walks through the results and methodology of the 2017 Cost of Data Breach Study.
Understanding the Impact of Today's Security Breaches: The 2017 Ponemon Cost of a Data Breach study, sponsored by IBM Security
1. Understanding Today’s Security Breaches:
Ponemon Institute’s 2017 Cost of Data Breach Study
BENCHMARK RESEARCH SPONSORED BY IBM SECURITY
INDEPENDENTLY CONDUCTED BY
PONEMON INSTITUTE
JUNE 2017
2. 2 IBM Security
Today’s speakers
Larry Ponemon
Chairman, Ponemon Institute
Wendi Whitmore
Global Lead, IBM X-Force IRIS
3. The 2017 Ponemon Cost of Data Breach Study covered 1,900 individuals across 419 companies in 13 countries or regions and 17 industries
Industries:
• Health, 1%
• Media, 1%
• Communications, 2%
• Life science, 4%
• Transportation, 5%
• Hospitality, 4%
• Energy, 5%
• Consumer, 5%
• Public, 7%
• Retail, 8%
• Financial, 15%
• Industrial, 15%
• Services, 14%
• Technology, 12%
• Education, 1%
• Research, <1%
• Entertainment, <1%
Countries/regions:
• South Africa, 5%
• Italy, 6%
• Canada, 6%
• Middle East, 6%
• Australia, 6%
• Japan, 7%
• France, 8%
• Germany, 8%
• Brazil, 9%
• India, 9%
• United Kingdom, 10%
• United States, 15%
• ASEAN, 5%
4. Understanding these terms will help you understand the report findings
A mega-breach of more than 100,000 records is not considered typical. The cost data in this study cannot be used to calculate the financial impact of a mega-breach over 100,000 records.
• Data breach: An event in which an individual’s name plus a medical record or financial record or debit card is potentially at risk
• Data record: Information that identifies the natural person (individual) whose information has been lost or stolen in a data breach
• Incident: For this study, a data breach involving between approximately 2,600 to slightly more than 100,000 compromised records
• Participants: Organizations that experienced a data breach within the target incident range
• Benchmark research: The unit of analysis is the organization; in a survey, the unit of analysis is the individual
5. What goes up should come down
• The global average cost of a data breach is down over previous years
• 48% of the per-record 11.4% decrease over last year is due to the US dollar exchange rate
• The average size of a data breach increased 1.8% to 24,089 records
[Chart, 2014 to 2017: Global average cost per record, in US dollars. Headline value $141 (–11.4%); other values shown: $158, $154, $145]
[Chart, 2014 to 2017: Global average cost per incident, in millions of US dollars. Headline value $3.62M (–10%); other values shown: $4.00M, $3.79M, $3.50M]
6. Costs and trends vary widely across countries in the study
• Canada $190/$4.31M
• US $225/$7.35M
• Brazil $79/$1.52M
• UK $123/$3.10M
• Germany $160/$3.68M
• France $146/$3.51M
• Italy $128/$2.80M
• South Africa $128/$2.53M
• Australia $106/$1.92M
• Middle East $155/$4.94M
• India $64/$1.68M
• Japan $140/$3.47M
• ASEAN $112/$2.29M
Currencies converted to US dollars; no comparison data for ASEAN
7. Reductions in the cost of data breach measures helped reduce overall costs in some countries
[Chart: percent change from -15% to 15% by country (AU, BZ, CA, DE, FR, ID, IT, JP, ME, SA, UK, US) for four measures: abnormal churn, size of data breach, average total cost, per record cost]
8. The per-record cost of a data breach also varies widely by industry
• Public Sector: $71
• Research: $101
• Media: $119
• Transportation: $123
• Hospitality: $124
• Entertainment: $131
• Consumer: $132
• Energy: $137
• Industrial: $149
• Communications: $150
• Retail: $154
• Technology: $165
• Life science: $188
• Education: $200
• Services: $223
• Financial: $245
• Health: $380
Currencies converted to US dollars
Percent change over 2016 (increase or decrease), as listed on the slide: Up 7%, Up 10.9%, Up 7.2%, Down 18.7%, Up 13.8%, Down 3.6%, Down 10.5%, Down 8.5%, Down 4.5%, Down 7.4%, Down 0.8%, *, Down 10.8%, Down 4.7%, Down 9.1%, Down 9.8%, Down 11.3%
*Comparative y-t-y data not available
9. The largest component of the total cost of a data breach is lost business
Components of the $3.62 million cost per data breach:
• Detection and escalation, $0.99 million: Forensics, root cause determination, organizing incident response team, identifying victims
• Notification, $0.19 million: Disclosure of data breach to victims and regulators
• Ex-post response, $0.93 million: Help desk, inbound communications, special investigations, remediation, legal expenditures, product discounts, identity protection service, regulatory interventions
• Lost business cost, $1.51 million: Abnormal turnover of customers, increased customer acquisition cost, reputation losses, diminished goodwill
Currencies converted to US dollars
10. Gaining visibility and responding faster help to reduce costs
Mean time to identify (MTTI): The time it takes to detect that an incident has occurred
Mean time to contain (MTTC): The time it takes to resolve a situation and ultimately restore service
Total cost, in millions (currencies converted to US dollars):
• MTTI < 100 days: $2.80 (FY 2017), $3.23 (FY 2016)
• MTTI > 100 days: $3.83 (FY 2017), $4.38 (FY 2016)
• MTTC < 30 days: $2.83 (FY 2017), $3.18 (FY 2016)
• MTTC > 30 days: $3.77 (FY 2017), $4.35 (FY 2016)
11. Hackers and criminal insiders continue to cause most data breaches
• Malicious or criminal attack: 47%
• Human error: 28%
• System glitch: 25%
$126 per record to resolve
$156 per record to resolve
$128 per record to resolve
Currencies converted to US dollars
12. The incidence of malicious attack varies considerably by country
Country: malicious or criminal attack / system glitch / human error
• Middle East: 59% / 22% / 19%
• United States: 52% / 24% / 24%
• France: 50% / 19% / 31%
• United Kingdom: 50% / 23% / 28%
• Japan: 48% / 24% / 28%
• Australia: 48% / 24% / 28%
• Canada: 48% / 22% / 30%
• Germany: 46% / 34% / 20%
• Brazil: 44% / 25% / 31%
• South Africa: 43% / 29% / 29%
• India: 41% / 33% / 26%
• ASEAN: 40% / 25% / 35%
• Italy: 40% / 24% / 36%
13. Are you focusing on the right things? What are the odds of…
• Winning the Powerball? 1 in 292,201,338
• Getting struck by lightning? 1 in 960,000
• Being in a car accident on a 1,000-mile trip? 1 in 366
• Dating a millionaire? 1 in 220
14. The odds are much greater that you will experience a data breach
Experiencing a data breach? 1 in 4 (Global average 28%)
Probability that an organization in the study will experience a data breach over two-year period:
• Canada: 15%
• Germany: 15%
• Australia: 17%
• Italy: 23%
• Japan: 24%
• United Kingdom: 26%
• ASEAN: 26%
• United States: 27%
• Middle East: 32%
• France: 36%
• Brazil: 39%
• India: 40%
• South Africa: 41%
15. What you can do to help reduce the cost of a data breach
Amount by which the cost-per-record was lowered (currencies converted to US dollars):
• CPO appointed: $2.90
• Board-level involvement: $5.10
• CISO appointed: $5.20
• Insurance protection: $5.40
• Data classification: $5.70
• Use of DLP: $6.20
• Use of security analytics: $6.80
• Participation in threat sharing: $8.00
• Business Continuity Management involvement: $10.90
• Employee training: $12.50
• Extensive use of encryption: $16.10
• Incident response team: $19.30
Legend: Savings are higher than 2016; * No comparative data
16. The study also found factors that increase the per-record cost
Amount by which the cost-per-record was increased (currencies converted to US dollars):
• Third party involvement: ($16.90)
• Extensive cloud migration: ($14.13)
• Compliance failures: ($11.20)
• Extensive use of mobile platforms: ($8.80)
• Lost or stolen devices: ($7.60)
• Rush to notify: ($5.50)
• Consultants engaged: ($2.70)
• Provision of ID protection: ($2.00)
Legend: Additional costs are higher than 2016; * No comparative data
17. How organizations are spending their IT security budgets in relation to a breach
IT security spend:
• Prevention: 31%
• Detection: 29%
• Containment: 20%
• Remediation: 20%
18. Proven Incident Response thought leadership and expertise
IBM X-Force Incident Response and Intelligence Services (IRIS)
Led by the industry’s top luminaries
Do you see what we see?
• Wendi Whitmore, Global Practice Leader
• Kevin Albano, Global Threat Intelligence Leader
• Christopher Scott, Global Remediation Leader
• Craig Heilmann, Global Delivery Leader
• Ahmed Saleh, Global Incident Response Leader
Areas of expertise:
• Global response, remediation, intelligence, and team leadership
• Incident response, investigations, threat analysis
• Advanced threat research and information analysis
• Balancing network security with business processes
• Incident response, remediation, and security operations
19. IBM Incident Response and Intelligence Services capabilities
Built on best practice technologies and supported by industry-leading consulting and services expertise
IBM X-Force IRIS INTELLIGENCE SERVICES
• Threat Intelligence Analysts
• Intelligence Enablement Training
• Operationalized Intelligence Package
IBM X-Force IRIS RESPONSE & PROACTIVE SERVICES
• Threat Assessment, Incident Response and Analysis, Retainers
• IR / CIRT / CSIRT Program Development
• Managed Detection and Response
IBM X-Force IRIS REMEDIATION SERVICES
• Breach Remediation
• Strategic Remediation and Implementation
• Agile Incident Management
20. Breaking the attack chain with Incident Response
ATTACK CHAIN (stages 1 to 5)
• GATHER: Authorized system attempts to access resources
• BREAK-IN: Remote employee triggers drive-by download
• LATCH-ON: Internal system infected as part of a botnet
• EXPAND: Targeted internal email sent to high-profile employees
• EXFILTRATE: Persistent attackers quietly siphoning out data
PEOPLE
• The right level of expertise to handle advanced attacks
• Respond quickly and efficiently; onsite and / or remotely
• Understand business process and security requirements
• Focused on protecting a client's intellectual property
PROCESS
• Controlled standards-based incident response plans
• Intelligence and malware analysis and reporting
TECHNOLOGY
• Endpoint event analysis in near real-time
• Watson for Cybersecurity bringing cognitive solutions
21. Prevention: When prevention works
• Agile incident management:
  - Which levers will your organization need to pull in the event of a widespread breach?
• Account privilege segregation
• Privileged password “checkout”
• Time-limited privileged access
22. Detection: Worth the investment?
• Organization was undergoing active attack on a daily basis
• Knew what tools the attacker was using, but was concerned there were areas of enterprise they weren’t seeing
• Worked with organization to install an EDR solution
• Identified attacker activity on hosts in real time
24. Remediation
• Shamoon v2
• Destructive malware in the environment
• Recover data and get business running again as fast as possible
• Prevent similar capability from causing disruption in the environment in the future
25. Key takeaways from this year’s study
1 Lost business is the biggest financial consequence of a data breach
2 Breaches that occur during cloud implementations and involve mobile add complexity and cost
3 Having the right skills, expertise and knowledge—from operations to the C-Suite—can impact an organization’s ability to reduce the cost of a data breach
4 A proactive approach to incident response can significantly reduce cost and impact of a breach
5 Investing in security technologies such as analytics, SIEM and encryption can help prevent breaches as well as reduce cost
6 Visibility across the incident life cycle is critical to identifying threats, prioritizing response and identifying data at risk
26. Organizations are making investments and seeing results, but there remains much room for improvement
Global average percentage of companies that:
• Have a data security strategy
• Participate in threat intelligence sharing
• Deploy security intelligence systems including SIEM
• Deploy advanced identity and access management tools
• Extensively use encryption or cryptographic tools
• Outsource some or all of security operations or infrastructure
41% 43% 52%
48% 59% 56%
27. Engage with the numbers
• Go to ibm.com/security/data-breach and register to receive the global study or a country-specific study
• Go to ibm.com/security/services to learn how IBM Security Services can help in your journey to reduce impact of and exposure to a data breach
• Go to ibm.com/security/data-breach and see what the data breach numbers look like for you
New this year! Data Breach Cost Calculator