Data breaches have become more common and more devastating, and the average incident now costs a company nearly $3.8 million, according to a new study.
The Ponemon Institute’s annual “Cost of a Data Breach” study, released Wednesday morning, looked at data breaches at 350 companies in 11 countries. That average-cost figure rose about 8 percent in the 2015 study, compared with $3.52 million in 2014. It’s a 23-percent jump from 2013 figures.
“In the past, senior executives and boards of directors may have been complacent about the risks posed by data breaches and cyber attacks,” the Ponemon researchers wrote in their report. But the costs, both to the company’s reputation and to its purse, can no longer be ignored after a year of breaches at household names like Sony, they added.
More from NBC News:
Health industry can’t protect your records from hackers: Report
Stolen identity: 2.3 million Americans suffer medical ID theft
Penn State hit by China-based hacker, university says
Companies are being forced to shell out more for breaches for a few reasons: There are simply more cyberattacks, companies are losing more customers after data breaches and the cost of investigating and fixing the causes of the breaches is on the rise.
As the overall cost of breaches has increased, so has the average cost per compromised record, which rose to $154.
Certain types of data are even more costly to affected companies. For example, lost or stolen healthcare records cost companies $363 each, and education records average about $300. If hackers get a hold of those types of records, they can typically fetch much more on the black market than they could with, say, just a credit card number.
Hackers and “criminal insiders” were behind 47 percent of the breaches in Ponemon’s study. Of those firms struck by malicious and criminal attacks, American and German companies spend the most to resolve them: $230 and $224 per record, respectively.