[BreachExchange] Cost of education data breaches averages $245 per record

Thu Jul 20 05:05:21 EDT 2017

http://www.educationdive.com/news/cost-of-education-data-breaches-averages-245-per-record/447376/

Dive Brief:

- The average cost for data breaches in the U.S. education industry
has risen to $245 per capita (or per record lost), which is $45 above
the worldwide average, according to a new study from the Ponemon
Institute.
- The report found that two trends in technology use within K-12 and
higher education institutions tacked on expenses: the increasing use
of mobile platforms, which created an additional cost of $6.50 per
capita, and compliance failures, which added $19.30 per capita for
data breaches, Campus Technology reports.
- Significantly, the report finds that the high costs are in large
part due to the fact that, in education, it takes much longer to find
and contain data breaches, with a worldwide average of 221 days for
the first part of containing the breach, and another 83 days after to
fully deal with it. In comparison, the financial sector usually takes
around 155 days.

Dive Insight:

As education stakeholders across the spectrum consider ways of cutting
costs, looking toward data security is one of the more obvious and
simpler steps to take. As more colleges and universities adopt online
education and move toward technology-heavy campuses, it's imperative
that CIOs work not only with students, but also with faculty to ensure
that they understand the importance of protecting their sensitive
data. At the same time, it's important for higher ed leaders to take
steps to update their infrastructure for data handling to ensure that
the reputational and financial consequences of a potential data breach
are mitigated and handled swiftly. An example of this comes from
recent data theft at Washington State University, which had to send a
letter to one million people explaining that their personal
information had been stolen from a hard drive in a safe.

And at the K-12 level, where schools are now moving rapidly toward 1:1
technology adoption and modern computer systems for handling student
data, it is important that administrators look toward their higher ed
counterparts in order to learn the best ways of preventing a data
breach. The model for cybersecurity in K12 schools is both new and
increasingly necessary to develop, and leaders must be aware that
their students, who are more tech-savvy than previous generations,
will demand from CIOs and other IT decision-makers more emphasis on
security. And for these stakeholders, preventing a data breach just
makes economic sense in the long run.

Some key ways of being proactive about cybersecurity across all levels
of education include training programs for faculty and students on the
importance of developing strong passwords and recognizing illegitimate
sites, cultivating a fast response system to any potential sign of a
data breach, putting in place measures for two-factor
authentification, and updating infrastructure so that an operating
third party handling the storage of data can step in quickly and
prevent excessive damage.