USA TODAY
SAN FRANCISCO - The average cost of a computer breach at large companies globally was $3.79 million, a survey released Wednesday found. For U.S.-based companies, the average cost was much higher, $6.5 million.
The survey was conducted by the Ponemon Institute, a security research center, in conjunction with IBM. It surveyed 350 companies in 11 countries that had experienced a data breach, mostly in 2014. In the United States, 62 companies participated in the survey.
"The cost of a data breach, both the total organization cost as well as the cost per compromised record, increased substantially," said Larry Ponemon, chair of the institute.
Globally it has risen 23% since 2013. In the United States it's up 11%.
The average cost per lost or stolen record in the United States was $217. Globally the cost was $154.
Those costs included abnormal turnover of customers, reputation loss, diminished goodwill and paying for credit reports and aid to customers whose information was breached, said Ponemon.
While that's what each record costs the company that lost it, that same record is worth far less on the open market, said Caleb Barlow, vice president of IBM Security.
"Out on the dark side of the Internet, a credit card's worth about $1 if you're lucky, though a health care record can easily be worth $50," he said.
That's because credit cards can readily be cancelled, so their worth plummets quickly. Health-care information, especially if it includes a Social Security number, is fixed and can be used by criminals for a long time.
Investigating breaches is expensive in and of itself, costing global companies on average just shy of $1 million per breach, the survey found.
While the public tends to see hackers behind every breach, slightly less than half of breaches, 47%, are actually caused by malicious or criminal attacks. Twenty-nine percent involved system glitches, while 25% were the result of human error or negligence, the survey found.