2016 Ponemon Cost of Data Breach Study – The less obvious conclusions

Untitled design (1)The 11th edition of the 2016 Ponemon Cost of Data Breach Study presents an in-depth analysis of the cost of data breaches across the world, its specific components and the factors that affect it. At the same time, the study provides insights into the likelihood of data breaches for the next year.
This year’s report shows higher costs year over year for most of the metrics taken into consideration, in spite of increasing IT security budgets. 
Key findings, compared to the last year:

$4M in average, for a data breach in 2016

The study reports a 5% increase over 2015 ($3.8M). The average data breach cost varies with country, but the top 5 is not changed. The US leads this top by far, followed by Germany. In the US, the average cost of a data breach is $7.01M, 40% ($2M) more than the second country in the top, Germany.
The heavily regulated IT landscape in the US contributes significantly to the consistent difference between the data breach costs here, and other countries.

$4 more per breached record

There is a slight increase in the average cost of a breached record. US is still in the lead from this perspective, showing a price of $221, well above the average.

756 more breached records per incident in 2016 (global average)

The average number of breached records per incident reached 23,834 in 2016, US experiencing an average of $29,611 – well above the global average, but only third in the top (where India and the Middle East lead)

Cost per breached record – more than double for Healthcare

While the global average is $158, Healthcare organizations pay $355 in average, leading the top. Next are educational, financial and services industries, all with costs above the average.

Cost components

The average incident detection cost is $1M, highest in Canada ($1.6) and lowest in India ($0.53M). While the US has a cost below average ($0.73M) for detection and escalation, it leads the top when it comes to notification costs ($0.59M, double the cost in the next country in the top, France). Post response costs are highest in the US ($1.72M) and Germany ($1.54M), while US leads the upper part by far when it comes to the cost of business loss ($3.97M)


The probability to experience a data breach is slightly higher compared to 2015 irrespective of the potential size of the incident. (0.256 compared to 0.245 for an incident between 10,000 and 20,000 records)
Time to detect a data breach ranges from 20 days to 1 year and a half, with an average of 201 days while the mean time to contain a data breach is 70 days.


According to the last 3 studies, the situation is not improving: the costs grow, so does the number of incidents (according to other sources) and so does the number of breached records per incident. All these in spite of increased security awareness, bigger IT security budgets, better and evolving security solutions, and, last but not least, more experience every year. In theory, with all the controls and budgets and experience in place, one would expect the statistics to have looked better. But they do not, and the reasons why are elusive.

Do hackers evolve faster? Are IT security investments misplaced? It would be interesting to see a similar report with a breakdown on the size of the companies. Smaller companies have less security but still carry a risk of losing a big number of records. Does the challenge of delivering security to such companies hold the key to improving on the data breach statistics? At the same time, including companies experiencing smaller breaches, starting with 500 or 1000 lost records per breach would bring more insight into the dynamics of the phenomenon, and associated costs. In the US, it is mandatory to report breaches of more than 500 records. Although costs in these cases are not measured by millions, the number of such incidents is significant enough to be held into consideration.

In the end, the longer it takes to detect a breach, the higher the costs will be. For example, if more than 100 days pass until detection, the cost of the incident shoots up by more than $1M. Then, the bigger the number of breached records, the higher the costs. While this is evident, there are also the cases – and they are not few – when the number of breached incidents is unknown because not enough information is available. For example, according to the study, an incident of 10,000 records costs around $2M. If you hold 60,000 records and cannot assess the size of the breach, you will have to pay for all of them (even if in fact you only lost 10,000). The study identifies a cost of $6.7M for more than 50,000 records.

Hence, the ability to identify a breach soon after it happened, and also to assess the size of an incident are critical for damage control and reducing associated costs. Having all the information at hand also reduces the time to contain metric, further decreasing the costs to contain the incident.

How we can help

TEMASOFT FileMonitor, our file monitoring product, delivers file access auditing and analysis technology that enables IT admins to detect security incidents that may evolve into data breaches, thus reducing the time to detect a data breach. At the same time, the information generated and analyzed by the product allows further investigation, enabling accurate assessment of the size of the breach and facilitates the forensic investigation, reducing the time to contain the incident. Overall this technology helps cut and contain the majority of costs involved in a data breach incident, compared to incidents where such technology is missing. Its file integrity monitoring functionality also contributes to maintaining secure environments.

TEMASOFT offers this functionality for FREE for up to two workstation PCs, for personal use.

Liked this article? Follow us on LinkedIn for more, or subscribe to our newsletter.

Download the full “2016 Ponemon Cost of Data Breach Study” here.