Average Cost Per Record of US Data Breach in Ed: $245

The average cost of a data breach in the United States rose for the fourth straight year, hitting $225 per compromised record--the highest it has been since 2006, when the Ponemon Institute began to publish research on the topic.

In education, which tends to be more heavily regulated regarding data privacy, the average "per capita" cost for 2017 in this country is even higher: $245. That's considerably more than the worldwide per-record cost in education of $200. (Per capita represents the total cost of the data breach divided by the number of lost or stolen records.)

According to Ponemon's "2017 Cost of Data Breach Study," the average total organizational cost across all segments, not just education, is $7.35 million, up almost five percent over last year's $7 million. The average number of records exposed was 28,512. The major component of that expense--about $1.51 million--is related to the business lost because of the breach: turnover of customers or "churn," increased customer acquisition cost, "reputation losses" and "diminished goodwill." Education, as an industry, experiences far less churn (1.8 percent) compared to other segments, such as financial or life sciences (7.1 percent and 5.7 percent, respectively).

The next largest portion of the expense ($1 million) is tied to detection and escalation efforts, such as forensics, root cause determination, identifying victims and organizing a response. That's followed by related services ($930,000), such as help desk operations, inbound communications, product discounts and setting up subscriptions to identity protection services for victims. The smallest aspect of the cost of a data breach is the expense of notifying the affected people and regulators; that equals about $199,000.

Ponemon reported that nearly half of U.S. data breaches (47 percent) are due to "malicious or criminal attack." These are also the most expensive type of breach to resolve. Another 28 percent come about through human error; and 25 percent occur because of "system glitches, including both IT and business process failures."

New factors that the research took into consideration as the results were being compiled included two areas of importance to schools: the extensive use of mobile platforms, which tacked an additional cost of $6.50 per record breached, and compliance failures, which added a whopping $19.30 per capita.

Compared to other types of organizations, education tends to take a long time to identify and contain data breaches. On average, worldwide, education takes 221 days to identify a breach and 83 days to contain it. By comparison, the financial sector takes only 155 days to identify a potential breach and 34 days to respond and contain it. Those durations are important, the research noted, because the longer the two phases last, the higher the cost to the organization.

The report offered several strategies for reducing the cost of future data breaches. For example, organizations that have an incident response team in place tend to lower the damage control cost per record by more than $19. Those that use encryption extensively save about $16. And a solid training program for employees has an impact of $12.50. These aren't cumulative because there's so much overlap, explained Researcher Larry Ponemon during a recent presentation covering the results of the report. "Companies that have an [incident response] team probably also use encryption extensively."

Keeping up with the bad guys "can be a problem," Ponemon added. However, in the many years he has studied data breaches, he has also seen a positive side: "Most organizations that we have studied over time have improved their security posture by using more and better technologies and relying more on intelligence [and becoming] more systematic in terms of how they approach the data breach event." That's a trend, he noted, "consistent across industries and also geographies."

The full study examined the cost of data breaches for 419 companies worldwide in 17 industries. IBM sponsored the research. Both the worldwide report and country-specific reports are available, with registration, on the IBM security website.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
