white papers

2017 Ponemon Institute Cost of a Data Breach Study

IBM is proud to sponsor the 12th annual “Cost of Data Breach Study,” the industry’s gold-standard benchmark research, independently conducted by the Ponemon Institute.

Ponemon Institute researchers recruited 419 organizations in 11 countries and two regions to participate in this year’s research. More than 1,900 individuals who are knowledgeable about data breach incidents in these 419 organizations were interviewed.

Incident Response Reduces the Cost of a Data Breach

This year’s study found that the average consolidated total cost of a data breach is $3.62 million, a decrease of 10 percent over last year. However, 48 percent of the decrease over last year can be attributed to the strong U.S. dollar, with significant variability from country to country.

The country with the highest cost, both per record and per incident, is the U.S., whereas the countries with the lowest cost per record and per incident are Brazil and India. Despite the decrease in cost, the average size of a data breach (number of records lost or stolen) increased 1.8 percent over last year.

Among the most notable findings of the study, the research identified a number of factors that reduced the average $141 per-record cost of a data breach. For starters, having an incident response team — either in-house, via a third party or a combination of both — can shave off $19.30 per record. Even for a breach of 10,000 records, that represents savings to the tune of $193,000 — or $1.9 million for a breach of 100,000 records.

Learn More

Read the complete “2017 Cost of Data Breach Study” to learn:

  • The average costs and consequences related to experiencing a data breach incident in various countries and regions;
  • What regional trends affect the cost of a data breach; and
  • The most common factors that influence and can limit the cost of a data breach.

Download the Ponemon Institute 2017 Cost of Data Breach Study: Global Overview

You can also use the new data breach calculator to explore the industry, location and cost factors in the event of a security incident.