Highlights: Ponemon Institute Cost of a Data Breach Report


Respected research organization, The Ponemon Institute, released its 2017 Cost of a Data Breach report in June.  Globally, there have been some improvements related to cost of a breach however, when looking at the cost of a breach in the country specific report for the United States, the cost has increased.   Higher Education in particular continues to be in the top tier globally and regionally for data breaches.

Here are some additional highlights specifically from the United States report:

  • On average in the United States it takes 206 days to detect a breach.  Organizations who identify a breach in 100 days or less saw a 31% decrease in their overall cost of a breach.
  • On average in the United States it takes 55 days to contain a breach.  Organizations who contain a breach in less than 30 days or less saw a 33% decrease in their cost of containment.
  • In the United States higher education sector, the average cost of a breach per record was $245.  This is 9% higher than the overall cost of a breach in the United States.
  • Positive factors affecting the cost of a breach include (reduce the cost):
    • Having an incident response team and plan in place
    • Extensive use of encryption
    • Extensive use of DLP
    • Participation in threat sharing
    • Use of security analytics


Detection capabilities is crucial to reducing the overall cost of a data breach.  The longer an intruder remains in your environment undetected the more damage they will do.   Developing incident response plans or moving toward a continuous response model have tremendous benefits to reducing the “dwell time” of an attacker.  Last, NSHE continues to develop and improve upon our threat sharing model.   The more intelligence shared within our community the better equipped we all can be to combat threats, improve detection capabilities, and reduce overall costs in the event of a compromise.

Complete copies of the global and country reports are available through the sponsor of the report, IBM at the link below: