Update on Data Breach Costs
Ponemon Institute has conducted a new global study for IBM on the cost of data breach. Almost 500 companies that experienced a data breach participated. Here are the findings:
- Globally the average cost of a data breach is $3.86 million; this is a 6.4% increase from 2017, almost 10% more than 2014.
- Costs of a “mega breach” – between one and 50 million records – were between $40 million to $350 million.
- 10 out 11 data breaches were caused by malicious or criminal attacks.
- The average time to detect a data breach was 197 days, with an additional 69 days to contain it. For “mega breaches” time to detect and contain was 365 days – a full year.
- Companies that contained a data breach in less than 30 days saved over $1 million compared to companies that took longer.
- Average cost per lost or stolen record was $148, but this varies by region and type of business.
These numbers underestimate the cost of a data breach. Business interruption, loss of reputation and customer turnover costs are harder to quantify. Companies need a response plan to minimize these costs, including purchasing cyber insurance.