Ponemon Data Breach Study: Who has an extra $4M laying around?

Skybox Blog Team Jun 27, 2016

According to the 2016 Cost of Data Breach Study put out by the Ponemon Institute (and in conjunction with IBM), the average cost of an enterprise data breach jumped up to $4 million. That’s a five percent bump over 2015, though the cost of data breaches hasn’t varied much since the study began in 2005.

  • People Problem

Not surprisingly, most of the data breaches of 2015 (48 percent) were caused by hackers and malicious insiders as opposed to a fat-fingered misconfiguration of a security device. But that doesn’t mean mistakes were insignificant – human error contributed to 25 percent of the breaches, whereas 27 percent were attributed to system glitches.

  • Hot Ticket Healthcare Records

For those who are responsible for the prevention of a data breach, you can save your organization a significant sum. The average cost of a breached data record was $158, but regulated industries like banking, financial services and healthcare found that their cost on a per-record level was significantly higher than average. Healthcare tipped the scales with a whopping cost of $355 per record breached.

One of the more frightening conclusions of the study was that Ponemon believes that it has enough data to establish the probability an organization will experience a data breach of at least 10,000 records in the next two years: it’s one in four (26 percent).

  • Help!

While these statistics are pretty bleak, there are some early signals you can look for to avoid being that one in four. Your attack surface has several Indicators of Exposure (IOEs) that can be tell-tale signs that you’re prone to attack. Those include device misconfigurations and overly permissive access rules that make it easier for malicious attackers and rogue insiders to get in and around critical parts of your network. They also include new, exposed or suspiciously dense software vulnerabilities on your network devices and endpoints. Understanding these indicators and directing your security teams to resolve the most critical ones first can mean the difference between secure networks, a minor incident or headline news.

So . . . do you need to add a $4 million line item to your budget?

Source: “2016 Cost of Data Breach Study: Global Analysis.” Ponemon Institute. June 2016.


By better understanding your security controls already in place and getting a better handle on software vulnerabilities, you can significantly reduce your attack surface and likelihood of needing an extra $2-4 million in your budget. To learn more about how Skybox Security can help you reduce your attack surface and exposure to breaches from hackers and malicious insiders, visit our solutions page to select your industry.

The Skybox Blog Team is a group of talented, security-conscious writers dedicated to bringing you insights into trending topics, IT security developments, and Skybox solutions.

Recent Posts

Cyberattacks in the COVID-19 era
Read More
3 Critical Flaws with Today’s Vulnerability Management Programs
Read More
The business of cybercrime: malware-as-a-service gains pace
Read More
Skybox Q&A: New VP Frederic Saint-Joigny highlights cybersecurity challenges in EMEA
Read More
Skybox Q&A: New VP of Channel Lance Buchholz on emerging opportunities for cybersecurity partners
Read More
How to mature your cybersecurity program
Read More