The True Cost of Data Breaches


It is a Data Breach World!  2015 was a banner year for the loss of sensitive records.  Over 700 million records were exposed, with government and healthcare organizations representing the biggest victims.  Wrapping our minds around the loss and subsequent costs is beyond difficult.  With 80 thousand records lost every hour, a stream of never-ending headlines, executives stepping down, and a steady increase in the grumblings of consumer opinion, how can we quantify the risk picture?  Some models exist that attempt to pin down a cost-per-record by averaging widely varying extremes across an ever-changing spectrum of damages, but the results are often less than comprehensive or accurate when used predictively.  Answers to the question of costs and impacts are increasingly needed by executives who are trying to manage the risks.  What are the factors?

When an organization suffers a data breach, a number of challenges, cascading effects, and business decisions contribute to the total of all the associated costs.  The scope extends beyond a fixed dollar-per-stolen-record calculation, as it invariably includes expenditures for new security measures, legal fees, third-party forensic services, changes to business processes, as well as a loss of reputation and customer goodwill.  There is a complex set of chain reactions which occur after every significant data breach, each adding its own contribution to the overall cost and business impact.

I had the pleasure of speaking on the topic at the 2016 iSMG Fraud and Data Breach Summit in San Francisco.  I briefly covered the range of impacts and popular cost models, detailed the different cost aspects, provided recommendations, and even touched on where the attackers will be taking data breaches in the future.  Ultimately, we must conclude that the actual cost of data breaches is more complex than the common perception.  A better understanding of the costs and risks of loss provides valuable insights to organizations seeking to determine their desired path and achieve their optimal level of security.


The presentation slides are available on 

Interested in more?  Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.

Matthew Rosenquist

About Matthew Rosenquist

Matthew Rosenquist is a Cybersecurity Strategist for Intel Corp and benefits from 20+ years in the field of security. He specializes in strategy, measuring value, and developing cost-effective capabilities and organizations which deliver optimal levels of security. Matthew helped with the formation of the Intel Security Group, an industry-leading organization bringing together security across hardware, firmware, software and services. An outspoken advocate of cybersecurity, he strives to advance the industry, and his guidance can be heard at conferences and found in whitepapers, articles, and blogs.