Update on Data Breach Costs

Update on Data Breach Costs

July 26, 2018 Business Insurance and Risk Management, The Beacon Blog 0 Comments

Ponemon Institute has conducted a new global study for IBM on the cost of data breach. Almost 500 companies that experienced a data breach participated. Here are the findings:

  • Globally the average cost of a data breach is $3.86 million; this is a 6.4% increase from 2017, almost 10% more than 2014.
  • Costs of a “mega breach” – between one and 50 million records – were between $40 million to $350 million.
  • 10 out 11 data breaches were caused by malicious or criminal attacks.
  • The average time to detect a data breach was 197 days, with an additional 69 days to contain it. For “mega breaches” time to detect and contain was 365 days – a full year.
  • Companies that contained a data breach in less than 30 days saved over $1 million compared to companies that took longer.
  • Average cost per lost or stolen record was $148, but this varies by region and type of business.

These numbers underestimate the cost of a data breach. Business interruption, loss of reputation and customer turnover costs are harder to quantify. Companies need a response plan to minimize these costs, including purchasing cyber insurance.

About the Author

Harry Cylinder

Harry Cylinder, CPCU, ARM has spent nearly fifty years in the insurance industry, the majority of the time as a consultant. He has been employed by The Beacon Group of Companies since 2008, specializing in the review and analysis of property and casualty coverage forms. Mr. Cylinder has been reviewing policy forms as they have evolved over the past decades. In 2008 he published an article in the CPCU Journal which was the first description of cyber insurance coverage for a general insurance audience. Since that time he has regularly written on cyber and other topics for The Beacon Companies’ blog.