« Washington State Passes Bill Strengthening Computer Science Education | Main | Effective Digital Learning Games Blend the Virtual and the Real, Study Finds »

Data Breaches Cost Education Companies $300 Per Record, Study Finds

By Michele Molnar. Cross-posted from the Marketplace K-12 blog.

Data breaches are costing companies in education up to $300 per compromised record, making it the second most impacted sector—behind only healthcare—for businesses with lost or stolen records globally, according to research released Wednesday by the Ponemon Institute. 

Four education companies were included in the study of 350 businesses in 11 countries that experienced data breaches in 2014. For all companies, a 23 percent increase in the total cost of a data breach was reported, compared to 2013.

In the U.S., the cost of handling a data breach is up to $225 per compromised record, the organization found, although only one company provided information about its response to a data breach. Researchers protected the identities of the businesses responding to its study.

Education companies pay considerably more for each lost or stolen record than the average of companies in all industries reporting breaches, which is $154 globally and $217 in the U.S. On the other hand, education companies are less likely to lose customers as a result. They are among the lowest-ranked industries for "churn," which is described as the loss of existing customers.

The bar graph below illustrates where education companies fit into the global picture for cost of breaches.

DataBreachCostsGlobally.JPG

The many forms that education data take—and the sensitivity of that data—are primary reasons costs are so high, said Larry Ponemon, founder and chairman of the Traverse City, Mich. research business, in a phone interview. Students' personally identifiable information, students' diagnoses, assessment results, and parents' financial information are among the confidential data that could be compromised, he said.

While saying that companies' identities are kept anonymous, Ponemon pointed to Pearson, the London- and New York-based global education company, when giving an example of the kind of exposure companies in the education sector can face. He noted that Pearson's reach extends to collecting data for assessments and through online educational resources, at various educational levels and in multiple countries.

Causes of Data Breaches

For all industries, most data breaches—both globally and in the U.S.—are caused by hackers' or criminal insiders' malicious attacks, the study found. (See chart below.)

Causes of data breach.JPGIn the U.S., malicious or criminal attacks account for 49 percent of all breaches. System glitches are the cause of 32 percent of breaches, and human error accounts for 19 percent.

Ponemon found that an increase in the frequency of cyber attacks—and in the costs to remediate—is one of the main reasons for the climbing costs of dealing with data breaches.

How Costs are Calculated

Researchers said companies identified the following costs incurred when a data breach is first discovered:

  • Conducting investigations and forensics to determine the root cause of the breach
  • Identifying the probable victims
  • Deploying a team to respond to the breach
  • Communicating with those affected, and handling public relations

After the breach, companies typically paid for:

  • Audit and consulting services
  • Legal services for defense
  • Free or discounted services to the victims of the breach
  • Losing customers
  • Acquiring new customers, and providing loyalty programs for existing ones.

The "2015 Cost of Data Breach Study: United States" study is available here, and the global study can be accessed here.

Charts: From 2015 Cost of Data Breach Study: Global Analysis"


See also:


for the latest news on ed-tech policies, practices, and trends.

Notice: We recently upgraded our comments. (Learn more here.) If you are logged in as a subscriber or registered user and already have a Display Name on edweek.org, you can post comments. If you do not already have a Display Name, please create one here.
Ground Rules for Posting
We encourage lively debate, but please be respectful of others. Profanity and personal attacks are prohibited. By commenting, you are agreeing to abide by our user agreement.
All comments are public.

Follow This Blog

Advertisement

Most Viewed on Education Week

Categories

Archives

Recent Comments