Brazil remains one of the top IT outsourcing destinations in Latin America on a number of ranking lists, yet costs are starting to spiral. As data security concerns escalate, the costs of such breaches become important for business decision-makers and real data from across Latin America is needed to really provide an accurate picture of what is happening.
Behind the Data
The Ponemon Institute, in collaboration with IBM, has been publishing the Cost of Data Breach study in the US and in Brazil for 10 years. The data is compiled from information provided by 34 Brazilian companies that incurred some sort of data breach incident in the past year. The per capita cost is derived from reported estimated actual incident costs from the 34 companies.
The per capita cost refers to the average cost per compromised record in a data breach. The $56.81 (R$175) per capita cost reported is an 11% increase from 2014’s $50.97 (R$157) cost per record. The study includes direct and indirect costs of the data breach in the calculation of per capita costs. In comparison, the study found the average cost per compromised record in the United States is $217.
Until recently the IBM Ponemon Institute study was the only study that looked at cost of data breach. This year, however, Verizon conducted its own study and released results that were in stark contrast with that of the Ponemon study, much to the distress of the Institute. The key difference is that where the Ponemon study puts average cost per compromised record at just over $150, the Verizon study pegged it at $0.58 – a startling contradiction and one which points to the problematic nature of such research. Significantly, the Verizon study did not included any data from Brazil and thus cannot be used as a point of comparison for this particular data point.
What It Means
Since no other Latin American country is included in the Cost of Data Breach study it is difficult to compare the data breach per capita cost for Brazil and determine if it is in line with that of other countries in the region. The study covered data from United States, United Kingdom, Germany, Australia, France, Brazil, Japan, Italy, India, the Arabian region (United Arab Emirates and Saudi Arabia) and Canada.
Since the study covered companies across industries, the study does reveal differences in the costs of data breaches across sectors. However, a sample of 34 companies cannot provide a full picture across all included industries, making some of the data problematic. According to the study report, “Services, communications, energy and financial services had a per capita data breach cost substantially above the overall mean.” The report noted that approximately 14% of companies surveyed were in financial services, equating to a real figure of just under 5. Similar percentages were recorded for communications and services.
Despite these weak points, the data is useful in providing a snapshot of possible data breach costs in Brazil. Additional data points are needed to provided a regional overview and identify benchmark averages for points of comparison.
Data security concerns are not going to disappear anytime soon and data about the cost of such breaches across different parts of the world is important to understanding how these incidents play out in different countries and what companies with operations in those parts of the world can expect when such a breach occurs. What is needed is a greater number of data sets representing data from across Latin America and contrasting studies that provide opportunities to discuss and debate these findings.