Average Cost Per Record of US Data Breach in Ed: $245

The average cost of a data breach in the United States rose for the fourth straight year, hitting $225 per compromised record--the highest it has been since 2006, when the Ponemon Institute began to publish research on the topic.

In education, which tends to be more heavily regulated regarding data privacy, the average "per capita" cost for 2017 in this country is even higher: $245. That's considerably more than the worldwide per-record cost in education of $200. (Per capita represents the total cost of the data breach divided by the number of lost or stolen records.)

According to Ponemon's "2017 Cost of Data Breach Study," the average total organizational cost across all segments, not just education, is $7.35 million, up almost five percent over last year's $7 million. The average number of records exposed was 28,512. The major component of that expense--about $1.51 million--is related to the business lost because of the breach: turnover of customers or "churn," increased customer acquisition cost, "reputation losses" and "diminished goodwill." Education, as an industry, experiences far less churn (1.8 percent) compared to other segments, such as financial or life sciences (7.1 percent and 5.7 percent, respectively).

The next largest portion of the expense ($1 million) is tied to detection and escalation efforts, such as forensics, root cause determination, identifying victims and organizing a response. That's followed by related services ($930,000), such as help desk operations, inbound communications, product discounts and setting up subscriptions to identity protection services for victims. The smallest aspect of the cost of a data breach is the expense of notifying the affected people and regulators; that equals about $199,000.

Ponemon reported that nearly half of U.S. data breaches (47 percent) are due to "malicious or criminal attack." These are also the most expensive type of breach to resolve. Another 28 percent come about through human error; and 25 percent occur because of "system glitches, including both IT and business process failures."

New factors that the research took into consideration as the results were being compiled included two areas of importance to schools: the extensive use of mobile platforms, which tacked an additional cost of $6.50 per record breached, and compliance failures, which added a whopping $19.30 per capita.

Compared to other types of organizations, education tends to take a long time to identify and contain data breaches. On average, worldwide, education takes 221 days to identify a breach and 83 days to contain it. By comparison, financial takes only 155 days to identify a potential breach and 34 days to respond and contain it. Those durations matter, the research noted, because the longer it takes to identify and contain a breach, the higher the cost to the organization.

The report offered several strategies for reducing the cost of future data breaches. For example, organizations that have an incident response team in place tend to lower the damage control cost per record by more than $19. Those that use encryption extensively save about $16. And a solid training program for employees has an impact of $12.50. These aren't cumulative because there's so much overlap, explained Researcher Larry Ponemon during a recent presentation covering the results of the report. "Companies that have an [incident response] team probably also use encryption extensively."

Keeping up with the bad guys "can be a problem," Ponemon added. However, in the many years he has studied data breaches, he has also seen a positive side: "Most organizations that we have studied over time have improved their security posture by using more and better technologies and relying more on intelligence [and becoming] more systematic in terms of how they approach the data breach event." That's a trend, he noted, "consistent across industries and also geographies."

The full study examined the cost of data breaches for 419 companies worldwide in 17 industries. IBM sponsored the research. Both the worldwide report and country-specific reports are available with registration on the IBM security website.

About the Author

Dian Schaffhauser is a former senior contributing editor for 1105 Media's education publications THE Journal, Campus Technology and Spaces4Learning.
