Identity Theft from data breaches has grown steadily over recent years. Take a guess – how much do you think it costs to clean up a data breach on average? The numbers surprised me.
For the companies getting hit by data breaches, the costs associated with dealing with the fallout are rising. The average cost of dealing with a data breach in the U.S. was $5.4 million last year, while the average cost world-wide for every record exposed in a breach was $136. The average per-record cost in the U.S., stood at $188. This according to the 2013 Cost of Data Breach Study: Global Analysis from internet security firm Symantec and the Ponemon Institute.
As we have noted here before, the level of risk of identity theft varies significantly with the type of breach. So does the cost. A majority of breaches last year – 64 percent - resulted from either human error or problems with transporting information or the systems storing the information themselves. The other incidents, the result of hacking attacks, tend to be far more expensive to deal with. The roughly 37 percent of breaches caused by hackers carried a per-record price tag in the U.S. of $277.
"Given [that] organizations with strong security postures and incident response plans experienced breach costs 20 percent less than others, the importance of a well-coordinated, holistic approach is clear," said Anil Chakravarthy, executive vice president of the Information Security Group at Symantec. "Companies must protect their customers' sensitive information no matter where it resides, be it on a PC, mobile device, corporate network or data center."
When data breaches occur from hacking, consumers may be at significantly higher risk for identity theft and related issues. Javelin Strategy & Research’s latest breach analysis predicts that someone whose data is stolen in a hacking breach will have a 1-in-4 chance of becoming a fraud victim. Those are not long odds.
Javelin estimates that in 2010, if an individual received a data breach notification, there existed about a one in ten chance that the individual would become a victim of identity theft fraud. In 2012, the correlation has jumped to one in four.
Take, for example, last year's breach of a Utah Department of Health server that resulted in the theft of personal information of 780,000 Utah citizens. Javelin estimates the likely result of up to $500 million in fraud and other damages to the victims.
Writing on Javelin's website, Alphonse R. Pascual, senior analyst in Javelin’s Security, Risk & Fraud group noted “The bad guys are getting better at using the information obtained from breaches to commit fraud. They are getting better at mining the data, and they are getting better at selling it.”
He concluded "based on Javelin's calculations, 122,000 cases of fraud will occur as a result of this breach with each incident resulting in $3,327.87 of loss. Each Utahn whose info is misused as a result of this data theft will incur $770.49 in out of pocket costs and spend 20 hours resolving these cases - taking time off of work to file a police report or to secure legal representation is neither free nor convenient."
What this means to you is simple: if you are notified that your personal data has been exposed by a database being hacked - as opposed to a computer tape that has gone astray - you need to act and act quickly. The holder of the hacked database might offer to pay for a year or two of credit report monitoring with one of the three credit reporting services. Take them up on their offer, but as we have said repeatedly here, this will offer you only minimal protection.
You should consider subscribing to one of the identity theft protection services, like our Identity Guard service, that monitors not just credit reports but numerous other sources that might show you personal information being fraudulently used before any such activity might show up on your credit report.