A new global study by IBM Security has found that not only do data breaches cause more financial damage than businesses would like to admit, they are also generally difficult and expensive to manage.
The “2018 Cost of a Data Breach Study” was conducted by Ponemon Institute for IBM. Nearly 500 companies that experienced a data breach participated in the study, which analyses cost factors surrounding a breach such as investigations, recovery costs, notifications to the affected, as well as cost of lost business and reputation.
The study found that the average cost of a data breach globally is US$3.86 million; this represents a 6.4% increase from last year’s report. Another major finding of the study was that the cost of lost business makes up a third of the total cost of “mega breaches” (breach events where over a million records were lost) around the world – this means that for breaches of 50 million records, companies can lose about US$118 million.
IBM projected that these mega breaches, which can range from one million records lost to 50 million, can cost companies from US$40 million to as much as US$350 million.
Other notable findings of the report include:
“While highly publicised data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” commented IBM X-Force Incident Response and Intelligence Services (IRIS) global lead Wendi Whitmore in a release. “The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”