Average cost of a breach worldwide: $4.24 million
Average cost in the United States: $9.05 million
Most expensive sector: Healthcare, at $9.23 million per breach, the highest cost for the 11th year in a row.
Average cost per record: $161 ($180 for PII)
PCI Fines (companies dealing with credit card data):
- $5,000 - $100,000 per month, depending on size of business
HIPAA Fines (companies dealing with healthcare and medical records):
- $100 - $50,000 per violation, with a maximum penalty of $1.5 million per year for identical violations.
Gramm-Leach-Bliley Act (GLBA) (applies to financial institutions, not just banks):
- Up to $100,000 per violation for the company
- Officers and directors can be fined up to $10,000 per violation
- Also includes criminal penalties of up to 5 years in prison and the possibility of revocation of licenses
Sources:
- https://www.ibm.com/security/data-breach
- https://www.lbmc.com/blog/pci-compliance-fees-fines-penalties/
- https://compliancy-group.com/hipaa-fines-directory-year/
- https://www.shredit.com/en-us/blog/compliance/the-gramm-leach-bliley-act
- https://digitalguardian.com/blog/what-glba-compliance-understanding-data-protection-requirements-gramm-leach-bliley-act