2014 Cost of Data Breach Study: Global Analysis

IBM and Ponemon are pleased to release the ninth annual Cost of Data Breach Study: Global Study. According to the research, the average total cost of a data breach for the companies participating in this research increased 15 percent to $3.5 million2. The average cost paid for each lost or stolen record containing sensitive and confidential information increased more than 9 percent from $136 in 2013 to $145 in this year’s study.

For the first time, our study looks at the likelihood of a company having one or more data breach occurrences in the next 24 months. Based on the experiences of companies participating in our research, we believe we can predict the probability of a data breach based on two factors: how many records were lost or stolen and the company’s industry. According to the findings, organizations in India and Brazil are more likely to have a data breach involving a minimum of 10,000 records. In contrast, organizations in Germany and Australia are least likely to have a breach. In all cases, it is more likely a company will have a breach involving 10,000 or fewer records than a mega breach involving more than 100,000 records.

In this year’s study, 314 companies representing the following 10 countries participated: United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India and, for the first time, the Arabian region (United Arab Emirates and Saudi Arabia). All participating organizations experienced a data breach ranging from a low of approximately 2,415 to slightly more than 100,000 compromised records. We define a compromised record as one that identifies the individual whose information has been lost or stolen in a data breach.

As the findings reveal, the consolidated average per capita cost of data breach (compiled for ten countries and converted to US dollars) differs widely among the countries. Many of these cost differences can be attributed to the types of attacks and threats organizations face as well as the data protection regulations and laws in their respective countries. In this year’s global study, the average consolidated data breach increased from $136 to $145. However, German and US organizations on average experienced much higher costs at $195 and $201, respectively.

Ponemon Institute conducted its first Cost of Data Breach study in the United States nine years ago. Since then, we have expanded the study to include the United Kingdom, Germany, France, Australia, India, Italy, Japan, Brazil and, for the first time this year, United Emirates and Saudi Arabia. To date, 1,279 business and government (public sector) organizations have participated in the benchmarking process since the inception of this research series.