May 31, 2018 By David Bisson 2 min read

The cost of the average data breach affecting enterprises has surpassed $1 million, according to recent information technology (IT) security risk data. According to a May survey by cybersecurity company Kaspersky Lab, the average cost of a data security incident for large corporations in 2018 rose to $1.23 million — 24 percent higher than last year’s average of $992,000.

During the same period, the cost of a data breach grew even more, from $88,000 to $120,000, for small and medium-sized businesses (SMBs). Both of these averages were significantly less than the $3.62 million estimated cost reported by the Ponemon Institute in the 2017 Ponemon Cost of Data Breach Study.

The Costliest Data Breach Incidents

Kaspersky Lab surveyed thousands of IT decision-makers from 29 countries about their organization’s cybersecurity spending, the threats confronting them and the costs of recovering from attacks. Their responses provided insight into the consequences of data breaches and what companies are doing to defend themselves.

Kaspersky Lab found that enterprises and SMBs differed in the costliest types of breaches they suffered. For instance, data breaches resulting from targeted attacks were the most expensive for enterprises at $1.64 million. This was followed by incidents affecting IT infrastructure hosted by a third party and physical loss of company-owned devices or media at $1.47 million and $1.42 million, respectively.

By contrast, SMBs paid the most following an incident that affected third-party IT infrastructure at $179,000. The costs of incidents involving non-computing connected devices ($148,000) and virtualized environments ($146,000) weren’t far behind.

Rising Investments in Cybersecurity

Security budgets will likely continue to grow. According to the 2018 survey, businesses of all sizes are stepping up their IT security spending to counter the risks of costly data breaches. While security budgets for enterprises rose to $8.9 million, spending among SMBs rose from $201,000 in 2017 to $246,000 in 2018. Even very small businesses increased their budgets from $2,400 to $3,900 over the last 12 months.

Maxim Frolov, vice president of global sales at Kaspersky Lab, said these increases reflect the importance of cybersecurity as organizations embrace the cloud and adjust to the digital age.

“Cybersecurity has become not just a line item in IT bills, but a boardroom issue and a business priority for companies,” Frolov said in a company press release. “Businesses expect a strong payoff as the stakes continue to get higher: Besides traditional cybersecurity risks, many companies now have to deal with growing regulatory pressures, for example.”

More from

Taking the fight to the enemy: Cyber persistence strategy gains momentum

4 min read - The nature of cyber warfare has evolved rapidly over the last decade, forcing the world’s governments and industries to reimagine their cybersecurity strategies. While deterrence and reactive defenses once dominated the conversation, the emergence of cyber persistence — actively hunting down threats before they materialize — has become the new frontier. This shift, spearheaded by the United States and rapidly adopted by its allies, highlights the realization that defense alone is no longer enough to secure cyberspace.The momentum behind this…

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

Why maintaining data cleanliness is essential to cybersecurity

3 min read - Data, in all its shapes and forms, is one of the most critical assets a business possesses. Not only does it provide organizations with critical information regarding their systems and processes, but it also fuels growth and enables better decision-making on all levels.However, like any other piece of company equipment, data can degrade over time and become less valuable if organizations aren’t careful. What’s even more dangerous is that neglecting data hygiene can expose organizations to a number of security…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today