Businesses run on risk: They take a chance, place their bets in the marketplace and often reap great rewards. But when thinking about the cost of a data breach, you may wonder about the price for your company and what, exactly, is at stake.

Here’s one way to think about it: You’re more likely to experience a data breach of at least 10,000 records (27.9 percent) than you are to catch the flu this winter (5–20 percent, according to WebMD). And as in the case of the flu, it’s crucial to act quickly and seek a cure for a speedy recovery. Since data breaches cost money, it’s best to take a cost-based approach to gain an accurate perspective of the problem at hand.

Sponsored by IBM Security and independently conducted by my team at the Ponemon Institute, the 13th annual Cost of Data Breach Study includes two new factors in its analysis that influence data breach costs: deployment of artificial intelligence (AI) and the extensive use of Internet of Things (IoT) devices.

The analysis also includes the cost of a so-called mega breach — an incident resulting in the loss of 1 million records or more — and the financial consequences of customers losing trust in your organization.

The Global Cost of a Data Breach Is Up in 2018

In this year’s study, the average cost of a data breach per compromised record was $148, and it took organizations 196 days, on average, to detect a breach. Overall, we found that the total cost, per-capita cost and average size of a data breach (by number of records lost or stolen) have all increased year over year.

Locations that experienced the most expensive data breaches include the U.S., where notification costs are nearly five times the global average, and the Middle East, which suffered the highest proportion of malicious or criminal attacks — the most expensive type of breach to identify and address. Data breaches are less expensive in Brazil and India, where detection, escalation and notification costs rank the lowest.

While the cost of a breach increased for organizations in 13 countries compared to the five-year average, it decreased in Brazil and Japan, according to this year’s report.

Based on industry and location, our data breach calculator can determine how much a security incident might cost an organization.

The Bigger the Breach, the Higher the Cost

This year’s report found that the average total cost of a breach ranges from $2.2 million for incidents with fewer than 10,000 compromised records to $6.9 million for incidents with more than 50,000 compromised records.

But what about those massive breaches that grab national headlines? The study revealed that a mega breach (involving 1 million compromised records) could cost as much as $39.49 million. Unsurprisingly, this figure increases as the number of breached records grows. A breach involving 50 million records, for example, would result in a total cost of $350.44 million.

How Can Companies Reduce Data Breach Costs?

Among the 477 companies examined for the study, the mean time to identify a breach is still substantial (197 days), while the mean time to contain a breach is 69 days.

The good news: There are strategies to help businesses lower the potential cost of a data breach. For the fourth year running, the study found a correlation between how quickly an organization identifies and contains a breach and the total cost.

Preparation and vigilance pay: The study found that an incident response team can reduce the cost of a breach by as much as $14 per compromised record from the average per-capita cost of $148. Similarly, extensive use of encryption can cut the cost by $13 per capita.

Customer Trust Impacts the Total Cost of a Breach

Organizations around the world lost customers due to data breaches in the past year. However, businesses that worked to improve customer trust reduced the number of lost customers — thereby reducing the cost of a breach. When they deployed a senior-level leader, such as a chief privacy officer (CPO) or chief information security officer (CISO), to direct customer trust initiatives, businesses lost fewer customers and, again, minimized the financial consequences of a breach.

Additionally, organizations that offered data-breach victims identity protection kept more customers than those that did not. Companies that lost less than 1 percent of existing customers incurred an average total cost of $2.8 million — while companies that experienced a churn rate of greater than 4 percent lost $6 million on average.

Examining the Effects of AI and IoT Adoption

For the first time, this year’s study examined the effects of organizations adopting AI as part of their security automation strategy and the extensive use of IoT devices. AI security platforms save companies money — an average of $8 per compromised record — and use machine learning, analytics and orchestration to help human responders identify and contain breaches. However, only 15 percent of companies surveyed said they had fully deployed AI. Meanwhile, businesses that use IoT devices extensively pay $5 more per compromised record on average.

To get the full rundown of the potential costs associated with a data breach — and learn what you can do to help protect your business — download the 2018 Cost of Data Breach Study: Global Overview, and take a look at our accompanying infographic.

You can also use our data breach calculator to explore the industry, location and cost factors that would apply if you experience a security incident.
