In early July, the 2017 Global Cost of Data Breach Study report was released. IBM Security and the Ponemon Institute, the two research institutions behind it, surveyed 419 companies and found that the average total cost of a data breach was $3.62 million, and that the average cost of each lost or stolen record containing sensitive and confidential information was $141. Compared with previous years, breaches at enterprises and organizations were larger this year, with the average size of a breach up 1.8%. In recent years, large-scale data leaks have repeatedly hit government organizations and well-known companies around the world, especially in countries with advanced information technology.

The research results come from 11 countries and 2 regions, from which 419 organizations were selected to participate in this year's study. By interviewing more than 1,900 experts from these organizations, the study sought to establish: how many customer records were lost in the breach (the size of the breach); what percentage of customers the organization lost afterwards (churn); the root cause of the breach; how long it took to detect and contain the breach; and the cost of the activities involved in discovering and immediately responding to a breach, such as forensics and investigation, and of post-discovery activities, such as victim notification and legal costs. The purpose of studying and analyzing the cost of data breaches through these samples is not only to calculate costs and predict trends; the ultimate goal is to reconstruct the full picture of these incidents and provide more valuable reference suggestions for the data security protection of organizations and enterprises.
We have extracted some important points from the report as a reference for thinking about how to use effective means to avoid possible leakage incidents in the big data era, so that companies do not end up paying a high price for such negative events.

The main causes of data breaches

The report shows that among the root causes of data breaches, 47% involved malicious or criminal attacks, 25% were due to employee or contractor negligence (human factors), and 28% involved system failures, including both IT and business process failures. Although this survey did not include Chinese organizations and enterprises, the trend is consistent with the results of many domestic security studies. In the early days, malicious attackers targeted business systems with the aim of causing business interruption. In recent years, as the value of data assets has risen, attackers have increasingly targeted the infrastructure where data is stored: database systems. Vulnerability attacks and SQL injection against databases keep escalating, with the goal of stealing sensitive data. Data containing personal privacy or commercial secrets flows into the black market and, after being resold several times, ends up in the hands of more criminals. The Yahoo leak of 500 million user records that shocked the world was caused by a hacker attack.

On the other hand, similar to the domestic situation, the proportion of leaks caused by internal employees and contractors (i.e. third-party companies) is increasing year by year. Enterprise informatization keeps growing, and besides expanding internal staff, bringing in third-party outsourcing companies for system development, testing, analysis or operation and maintenance is a common way to save labor costs.
In this process, such people often hold highly privileged database accounts. On the one hand there are the high-risk operations and misoperations that internal personnel may perform, and on the other hand the leaks caused by third-party personnel; together these have become another major cause of data leakage. Fortunately, most industries in China have recognized the risks of insider threats and of leaks by third-party personnel, and actively seek technical means to avoid them. Database desensitization (data masking) and database security operation and maintenance products emerged for exactly this reason. Once sensitive data has been transformed and sanitized, it can be safely handed over to third-party companies for use; and even if internal and third-party operation and maintenance personnel hold DBA-level accounts, their operations on sensitive data can still be reviewed and filtered through a database security operation and maintenance system built on an approval workflow, preventing misoperations and high-risk operations.

The size of the breach and the number of records lost or stolen

The survey shows that data breaches lead to a decline in customer trust, and that companies must also spend heavily on forensic investigation, data recovery, customer contact and legal costs. The cost analysis reveals the relationship between the average total cost of a data breach and the size of the incident. In this year's study, the average total cost of incidents with fewer than 10,000 lost records was $1.9 million, while the average total cost for incidents with more than 50,000 records was $6.3 million. The more records lost, the higher the cost of the breach. For this reason, the report notes that a data classification and storage plan is essential to understanding sensitive and confidential information.
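To make the desensitization and classification steps described above concrete, here is a small added example written for this page (it is not Anhua Jinhe's product code and not the report's methodology). It takes an inventory of which fields in a record set hold sensitive values, grades them, and produces the copy that may be handed to a third party: the resident ID is replaced by a keyed pseudonym so the recipient can still join records without learning the identity, and phone, card and email values are partially masked. The detection patterns, field names, sample records and the owner key are all constructed for the demo.

```python
"""Added example: inventory sensitive fields, grade them, and mask a record
before it leaves the organization. Illustrative code written for this page;
rules, sample data and the key are constructed, not from any real system."""
import hashlib
import hmac
import re
from typing import Dict, List

# Ordered detection rules; a value is tagged with the first pattern it matches.
# The patterns are deliberately simple (mobile number, 18-digit resident ID,
# bank card number, email). Note the ordering caveat: an 18-digit numeric
# value is treated as an ID before the card rule is tried, which is why real
# deployments combine value patterns with column-level metadata.
RULES = [
    ("email",   re.compile(r"^[\w.+-]+@[\w-]+(\.[\w-]+)+$")),
    ("id_card", re.compile(r"^\d{17}[\dX]$")),   # 18-digit resident ID
    ("card",    re.compile(r"^\d{16,19}$")),     # bank card number
    ("phone",   re.compile(r"^1\d{10}$")),       # 11-digit mobile number
]

# Sensitivity grade produced by classification; drives the handling policy.
GRADE = {"id_card": "high", "card": "high", "phone": "medium", "email": "medium"}

# Constructed secret kept by the data owner only; it is never shipped with
# the masked data, so the recipient cannot reverse the pseudonyms.
OWNER_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed test data; the people, numbers and addresses are invented.
SAMPLE_RECORDS = [
    {"name": "Zhang San", "phone": "13812345678", "id_no": "11010119900101123X",
     "email": "zhangsan@example.com", "card": "6222021234567890123",
     "city": "Beijing"},
    {"name": "Li Si", "phone": "13987654321", "id_no": "310101198505054321",
     "email": "li.si@example.org", "card": "6228480012345678",
     "city": "Shanghai"},
]


def classify_record(record: Dict[str, str]) -> Dict[str, str]:
    """Map each field whose value matches a rule to its data class."""
    classes = {}
    for field, value in record.items():
        for cls, pattern in RULES:
            if pattern.fullmatch(value):
                classes[field] = cls
                break
    return classes


def inventory(records: List[Dict[str, str]]) -> Dict[str, str]:
    """The data-asset inventory: which fields carry sensitive data, and at
    which grade, across the whole record set."""
    found = {}
    for record in records:
        for field, cls in classify_record(record).items():
            found[field] = GRADE[cls]
    return found


def pseudonym(value: str) -> str:
    """Keyed, deterministic token (HMAC-SHA256, truncated). The same identity
    always maps to the same token, so tables can still be joined on it."""
    return hmac.new(OWNER_KEY, value.encode(), hashlib.sha256).hexdigest()[:16]


def mask_value(cls: str, value: str) -> str:
    """Partial masking that keeps the part analysts usually need."""
    if cls == "phone":                       # 13812345678 -> 138****5678
        return value[:3] + "*" * 4 + value[-4:]
    if cls == "id_card":                     # keep region prefix and tail only
        return value[:6] + "*" * 8 + value[-4:]
    if cls == "card":                        # keep only the last four digits
        return "*" * (len(value) - 4) + value[-4:]
    if cls == "email":                       # zhangsan@example.com -> z***@example.com
        local, domain = value.split("@", 1)
        return local[0] + "***@" + domain
    return value


def mask_record(record: Dict[str, str]) -> Dict[str, str]:
    """Produce the copy that may be handed to a third party: the resident ID
    becomes a keyed pseudonym (join key), other sensitive fields are partially
    masked, and non-sensitive fields pass through unchanged."""
    out = dict(record)
    for field, cls in classify_record(record).items():
        if cls == "id_card":
            out[field] = pseudonym(record[field])
        else:
            out[field] = mask_value(cls, record[field])
    return out


if __name__ == "__main__":
    print("inventory:", inventory(SAMPLE_RECORDS))
    for rec in SAMPLE_RECORDS:
        print(mask_record(rec))
```

The split between inventory and masking mirrors the order the report implies: you cannot choose a protection strategy for a field until you know it exists and how sensitive it is. Pseudonymizing the ID with a keyed hash rather than a plain hash matters because resident IDs have a predictable structure and could otherwise be recovered by enumeration.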
The report's conclusion on data classification coincides with the data security governance ideas proposed by Anhua Jinhe. We believe that to secure data in use, the first step is to understand the data. By taking inventory of data assets, you can find out how many sensitive data assets you have, where they are distributed, how they are used, and who has access rights to them. Grading and classifying data assets provides the basis for building customized protection strategies.

(Figure: Average total cost of a data breach versus incident size for 419 organizations)

Which industries have the most expensive data breaches?

The global average cost of a data breach is $141 per lost or stolen record. However, the average cost for healthcare institutions is $380 per record, and for financial services $245. These industry characteristics are common worldwide: data in the medical and financial industries involves more of the public's personal privacy and asset information, and the volume of data is huge. From a business perspective, the need for data concentration and sharing between these two industries and others is also more pronounced. In China's case, in addition to the overlap of business between these two industries, they also share data with many sectors such as government, social security, industry and commerce, taxation and finance. There are thus more nodes in the path of data use and circulation; once any single point is compromised, it may lead to a large-scale cross-industry leak whose adverse social impact is difficult to estimate. When we interacted with users in these industries, we found that they were more aware of data security protection, but they also had another concern: because their business is highly complex and their applications wide-ranging, they want to achieve security without affecting business stability and continuity.
This places higher demands on technical means such as database firewalls and database encryption. These essential products need a track record of large-project deployments to guarantee performance in complex scenarios.

(Figure: This year's average cost per record by industry for the full sample, compared with the four-year average)

Extensive use of encryption reduces costs

The report states that extensive use of encryption saves an average of $16 per record, bringing the cost to $125 per record ($141 - $16). In the database security protection system proposed by Anhua Jinhe, database encryption is defined as the last line of defense. Technically, the plaintext data in the database storage layer is replaced with ciphertext and a strict permission verification mechanism is placed in front of it: even if the database files leak, nobody can read them without the key and the highest level of authorization. At a saving of $16 per record, a single technical measure can directly reduce the cost of a large-scale leak of more than 10,000 records by hundreds of thousands of dollars, or even more.

Time to identify and contain a data breach with an incident response team

In this year's study, incident response (IR) teams reduced costs by $19 per compromised record, so companies with strong IR capabilities can expect an adjusted cost of $122 per record ($141 - $19). A few large domestic companies have set up dedicated security emergency response teams. In addition, professional security companies should have offensive and defensive research capability, be able to provide users with timely and effective incident response, quickly locate the source of a leak through audit tracing and manual analysis, contain the scale and spread of the leak in the shortest possible time, and derive effective hardening strategies from analysis of attack samples.
(Figure: The increased costs of not identifying data breaches quickly)

The precise figures in the report give us a more intuitive understanding of the consequences and impact of data breaches. The security suggestions and technical means above do not cost much, but can spare companies and organizations from paying hundreds or even thousands of times as much for such negative events. The cost-effectiveness is clear.