Cross-posted from the Marketplace K-12 blog.
Data breaches are costing companies in education up to $300 per compromised record, making it the second most impacted sector—behind only healthcare—for businesses with lost or stolen records globally, according to research released Wednesday by the Ponemon Institute.
Four education companies were included in the study of 350 businesses in 11 countries that experienced data breaches in 2014. For all companies, a 23 percent increase in the total cost of a data breach was reported, compared to 2013.
In the U.S., the cost of handling a data breach is up to $225 per compromised record, the organization found, although only one company provided information about its response to a data breach. Researchers protected the identities of the businesses responding to its study.
Education companies pay considerably more for each lost or stolen record than the average of companies in all industries reporting breaches, which is $154 globally and $217 in the U.S. On the other hand, education companies are less likely to lose customers as a result. They are among the lowest-ranked industries for “churn,” which is described as the loss of existing customers.
The bar graph below illustrates where education companies fit into the global picture for cost of breaches.
The many forms that education data take—and the sensitivity of that data—are primary reasons costs are so high, said Larry Ponemon, founder and chairman of the Traverse City, Mich. research business, in a phone interview. Students’ personally identifiable information, students’ diagnoses, assessment results, and parents’ financial information are among the confidential data that could be compromised, he said.
While saying that companies’ identities are kept anonymous, Ponemon pointed to Pearson, the London- and New York-based global education company, when giving an example of the kind of exposure companies in the education sector can face. He noted that Pearson’s reach extends to collecting data for assessments and through online educational resources, at various educational levels and in multiple countries.
Causes of Data Breaches
For all industries, most data breaches—both globally and in the U.S.—are caused by hackers’ or criminal insiders’ malicious attacks, the study found. (See chart below.)
In the U.S., malicious or criminal attacks account for 49 percent of all breaches. System glitches are the cause of 32 percent of breaches, and human error accounts for 19 percent.
Ponemon found that an increase in the frequency of cyber attacks—and in the costs to remediate—is one of the main reasons for the climbing costs of dealing with data breaches.
How Costs are Calculated
Researchers said companies identified the following costs incurred when a data breach is first discovered:
- Conducting investigations and forensics to determine the root cause of the breach
- Identifying the probable victims
- Deploying a team to respond to the breach
- Communicating with those affected, and handling public relations
After the breach, companies typically paid for:
- Audit and consulting services
- Legal services for defense
- Free or discounted services to the victims of the breach
- Losing customers
- Acquiring new customers, and providing loyalty programs for existing ones.
Charts: From 2015 Cost of Data Breach Study: Global Analysis”
A version of this news article first appeared in the Digital Education blog.