Are Notification Laws Driving Up Global Data Breach Costs?
It took only nine days for a $5 million class-action lawsuit to be filed against one of the latest companies to suffer a high-profile data breach. It will likely take years to see fines levied against the company and for the courts to decide if damages should be awarded to victims. But, even before fines and damages, the costs of a data breach are significant and, according to the 3rd Annual Global Cost of a Data Breach Study, they’re rising worldwide.
When you dig into the details of this year’s study – and I invite you to do just that – there are some striking differences across the globe. From the causes of breaches to the cost of lost business, no two countries are exactly the same. But, there are some global trends to keep an eye on.
Overall costs are rising
The U.S. still has the highest cost per compromised record at $194, trailed closely by Germany at $191. Other countries had lower costs ranging from $102 to $159, but India was a clear outlier and had the lowest cost at $42 per record. What accounts for this striking difference? One reason may be that India lacks data breach notification laws.
Laws driving notification costs up
Just last month, I blogged about how U.S. companies are paying more to notify victims of a data breach, largely due to more laws and regulations governing data breach notification. The global study shows that the U.S. is not alone when it comes to regulations driving the costs of notification higher. The U.S. spends the most on notification – the average cost to notify victims of a breach reached $560,000 – which makes sense given that U.S. states impose some of the world’s most specific and tough notification obligations. The next highest country, Germany, spends $303,000 on average to notify victims, followed by the UK at $223,085. Both Germany and the UK also have strict data breach notification requirements.
In stark contrast, the lowest notification costs were in India, at just $31,000 on average. Understandably, countries without regulations that call for the notification of data breach victims spend less. These include Australia and India.
Lost business costs highest in countries requiring notification
Lost business costs represent the most significant financial consequence of a data breach worldwide. The U.S. leads with the highest lost business cost ($3.0 million). Germany and the UK follow at $1.7 million and $1.2 million, respectively. At the same time, we’re seeing a counter-intuitive trend in the U.S., Germany and the UK – fewer customers abandoned companies that had a data breach. These are the same countries where notification rules are toughest and notification costs highest, yet customers were less likely to take their business elsewhere.
While we don’t know how the cost of lost business will trend – it could go up – legal costs will only drive up the overall cost, so a small dip in lost business is cold comfort to those facing class-action lawsuits.