IBM Security have announced the results of a global study examining the full financial impact of a data breach on a company’s bottom line. Overall, the study found that hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage.
Sponsored by IBM Security and conducted by Ponemon Institute, the 2018 Cost of a Data Breach Study found that the average cost of a data breach globally is $3.86 million, a 6.4 percent increase from the 2017 report. Based on in-depth interviews with 2,200 professionals from 477 organisations that experienced a data breach, the study analyses hundreds of cost factors surrounding a breach, from technical investigations and recovery, to notifications, legal and regulatory activities, and cost of lost business and reputation.
For the first time this year, the annual study offers insights into “mega breaches” that resulted in the exposure of more than 1 million compromised records:
- Mega breaches of 1 million records yield an average total cost of $40 million
- Mega breaches of 50 million records yield an average total cost of $350 million
The study shows that across the board the cost of data breaches rose from last year:
- Average total cost of a data breach increased 6.4%, from $3.62 million to $3.86 million
- Average cost for each lost record increased 4.8%, from $141 to $148
- Average size of the data breaches in the study increased by 2.2%
- Average global probability of a material breach in the next 24 months increased 0.2%, from 27.7% to 27.9%, with South Africa at the highest probability (43%) and Germany at the lowest probability (14.3%)
- The United States is the costliest country in terms of indirect damages, notification costs, post–data breach response costs, and overall cost of data breaches
The study also notes the following:
- Third-party involvement or cloud migration increased the cost per record
- 52% of the breaches in the study were attributed to human error or negligence
Also, for the first time, the report examined the effect of security automation tools which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach. The analysis found that organisations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach ($2.88 million, compared to $4.43 million for those who had not deployed security automation).
For the 8th year in a row, healthcare organisations had the highest costs associated with data breaches – costing them $408 per record – nearly three times higher than the cross-industry average ($148).
“The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute. “While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.”
To download the 2018 Cost of a Data Breach Study: Global Overview, visit https://www.ibm.com/security/data-breach/