Nebraska Breach Notification Reports

How much will a data breach cost you?

The Goosmann Law Firm recently completed a study of the information provided to the Nebraska Attorney General's office under the breach notification statute. Since the breach notification statute went into effect in 2016 there have been 667 notifications submitted. This article will be the first in a series analyzing the information and comparing the Nebraska statistics with US and global surveys.

The submission form for breach notification designed and used by the Nebraska Attorney General is a fantastic form for collecting and analyzing the data! The Nebraska data breach reporting form collects a number of  details, descriptions, and facts which allow the readers and users to draw conclusions and create a basis to form recommendations. Nebraska’s data breach form collects information on the type of organization, the type of breach, the number of records stolen, and several other data points. According to the Nebraska data, the total number of records breached totaled 5,612,198,979 while the total for Nebraska residents is 2,049,316 - 2 million records for a state which has less than 2 million in population.

A recently completed global study regarding the cost of a cyber breach concluded that the average cost of a cyber breach was approximately $148 per record. Thus, for every record a company collects or keeps on customers, clients, vendors, target market, etc., a company will pay on average $148 per record in remediation expenses for a cyber breach.

The number of $148, however, is a global average for remediation while the US figure is even greater. An average data breach in the US is $233 per breach or about 57% higher than the rest of the world. The higher average in the US can be attributed to a larger number of companies compiling and collecting data for business and marketing purposes. The increase can also be attributed higher than average labor costs associated with incident response in the US.

Applying the averages for the global and US averages, the average cost per incident for a data breach affecting Nebraska residents is $462K and $727K respectively. Knowing such information can make calculating the financial exposure of a data breach relatively straightforward. This information is also very useful in determining budgets for cyber security or determining the necessary amount of cyber insurance.

Conclusion: The US average cost for recovery from a data breach is significantly higher than the Global average. Companies can calculate their cyber remediation exposure by taking an inventory of the number of  records kept on contractors, vendors, customers, etc. Companies can also use such data to determine remediation budgets and the amount of cyber insurance needed and thus create a reasonably finite picture of their financial exposure to cyber threats.

The next article in the series will discuss the types of breaches affecting Nebraska residents. With questions regarding this information, contact our Omaha, Sioux City, or Sioux Falls office today!

A special thank you to Cassidy Bottjen for helping to compile the data!