Ponemon research: Cost of a breach rising, U.S. hit hardest

October 17, 2014

Sharon Shea

While the term has become a cliché in the security industry, if ever there were a "year of the data breach" in the U.S., 2014 would be a strong contender.

Just about every week since the infamous Target data breach late last year, there's been yet another data breach confession from a well-known U.S. company.

Now, a report released this week by Ponemon Institute LLC may definitively prove that 2014's epic string of major corporate data breaches is not only unprecedented, but also resulting in dire consequences.

Ponemon's 2014 Global Report on the Cost of Cyber Crime, which surveyed 257 companies in seven countries, reported a 10.5% increase in the number of cybercrimes in 2014 versus 2013. The average cost of cybercrime per company also rose from $7.2 million last year to $7.6 million this year. The report also highlighted that it took an average of 31 days to contain a breach, costing the affected company an average of $640,000 during the time period, or just over $20,600 per day. This increased 23% over 2013's 27-day, $510,000 cost.

Social media was abuzz with the facts and figures; Twitter users are grumbling about the findings:

However, when it came to solely U.S. cybercrime, the figures were much bleaker. The average cost of a breach in 2014 in the U.S. was $12.7 million, a 96% increase over the course of five years. The U.S. also saw a 176% increase in the number of attacks, with an average of 138 successful attacks per week in 2014 versus 50 per week when the survey was first conducted in 2010. The average number of days to resolve an attack in the U.S. increased in the same time period by 33% to 45 days -- two weeks longer than the national average -- at a cost of nearly $1.6 million during the period, or $35,400 per day.