Ouch! A Data Breach Now Costs $3.8 Million

From the consumer perspective, finding out your information has been compromised in a data breach is an annoying and costly interruption, but the business side is pretty unpleasant, too. The average data breach now costs the targeted company $3.8 million, or $154 per stolen record containing sensitive information, according to the newest edition of an annual report from Ponemon Institute, a data-security research organization. The average cost of a data breach is at its highest point in the 10 years the Ponemon Institute has been publishing its Cost of a Data Breach study.

The Cost of a Data Breach figures are based on interviews between the Ponemon Institute and security representatives of 350 organizations across a dozen countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, Saudi Arabia, United Arab Emirates, United Kingdom and the United States.

Breaches are most expensive in the U.S. and Germany, at $217 and $211 per stolen record (as opposed to the opposite end of the spectrum: $78 in Brazil and $56 in India). Breach costs also vary by industry. For a health care organization, the average cost per stolen record was $363. In retail, each stolen record costs a company $165.

There are many variables in what determines the cost of a particular breach, including whether the security lapse was a result of human error or an organized attack (cyberattacks are more costly). In general, data breaches are getting more expensive. That $3.8 million a company loses to an average data breach is a 23% increase from the 2013 report, and about 40% of that comes in the form of lost business. In 2013, data breaches cost organizations an average of $1.23 million in lost business, which increased to $1.57 million in this year’s report. In the U.S., lost business cost companies $3.72 million after a data breach, up 3% from 2014.

In its findings, the report highlights plenty of areas for organizations to improve if they want to reduce the cost of a potential data breach, but for consumers, there’s not really a positive takeaway. Your information is in the hands of companies that may or may not succeed in protecting it, so it’s crucial to take charge and have your own system for responding to a data breach. Monitor your accounts and personal information as best you can — checking your credit is a great way to detect fraud (you can get your free credit report summary on Credit.com, updated every 14 days) — and act quickly to stop any unauthorized use of your identifying data.