Data Breach Cost Study Raises Red Flag on IoT

Connected devices heighten risks for companies while response teams and AI platforms lower them, according to Ponemon Institute

Data breaches have such wide-ranging effects that it’s tricky to predict the financial damage they might do. But still predictions are made.

This month the Ponemon Institute released its annual study that examines the costs of data breaches in the previous year as well as the factors that raised or mitigated those costs. Cybersecurity attorneys say that the report, while providing the typical fodder for legal departments and C-suites to mull over when assessing their data breach risks, points out some topics such as Internet-of-Things devices that will require their further attention.

Among nations surveyed, the U.S. unsurprisingly had the highest average total cost for a data breach last year at about $8 million, more than double the global average. That figure is expectedly rising as data breaches are increasing in size and exposing more records apiece. What is new in this year’s report, which surveyed 477 companies worldwide, is that it took into account whether they used artificial intelligence in their data security tools and whether they had extensive use of IoT devices.

According to the report, the average time it took for a company to identify a breach was 197 days, and the average time to contain it afterward was 69 days. But the report stressed the effectiveness of certain measures, such as having an incident response team of attorneys, investigators and other experts in place. That alone lowered the average cost per compromised record by $14 per capita.

To read this story and other complete articles featured in the July 23, 2018 print edition of Law Week Colorado, copies are available for purchase online.