NewsMay 31, 2018 @ 1:13 PM

Cost of Average Enterprise Data Breach Surpasses $1 Million

The cost of the average data breach affecting enterprises has surpassed $1 million, according to recent information technology (IT) security risk data. According to a May survey by cybersecurity company Kaspersky Lab, the average cost of a data security incident for large corporations in 2018 rose to $1.23 million — 24 percent higher than last year’s average of $992,000.

During the same period, the cost of a data breach grew even more, from $88,000 to $120,000, for small and medium-sized businesses (SMBs). Both of these averages were significantly less than the $3.62 million estimated cost reported by the Ponemon Institute in the 2017 Ponemon Cost of Data Breach Study.

The Costliest Data Breach Incidents

Kaspersky Lab surveyed thousands of IT decision-makers from 29 countries about their organization’s cybersecurity spending, the threats confronting them and the costs of recovering from attacks. Their responses provided insight into the consequences of data breaches and what companies are doing to defend themselves.

Kaspersky Lab found that enterprises and SMBs differed in the costliest types of breaches they suffered. For instance, data breaches resulting from targeted attacks were the most expensive for enterprises at $1.64 million. This was followed by incidents affecting IT infrastructure hosted by a third party and physical loss of company-owned devices or media at $1.47 million and $1.42 million, respectively.

By contrast, SMBs paid the most following an incident that affected third-party IT infrastructure at $179,000. The costs of incidents involving non-computing connected devices ($148,000) and virtualized environments ($146,000) weren’t far behind.

Rising Investments in Cybersecurity

Security budgets will likely continue to grow. According to the 2018 survey, businesses of all sizes are stepping up their IT security spending to counter the risks of costly data breaches. While security budgets for enterprises rose to $8.9 million, spending among SMBs rose from $201,000 in 2017 to $246,000 in 2018. Even very small businesses increased their budgets from $2,400 to $3,900 over the last 12 months.

Maxim Frolov, vice president of global sales at Kaspersky Lab, said these increases reflect the importance of cybersecurity as organizations embrace the cloud and adjust to the digital age.

“Cybersecurity has become not just a line item in IT bills, but a boardroom issue and a business priority for companies,” Frolov said in a company press release. “Businesses expect a strong payoff as the stakes continue to get higher: Besides traditional cybersecurity risks, many companies now have to deal with growing regulatory pressures, for example.”

Share this Article:
David Bisson

Contributing Editor

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.