IBM reveals average data breach cost is $4m

Data breaches and their associated costs are on the increase globally, IBM study shows


The average cost of a data breach globally in 2018 is predicted to be almost $4m, according to an IBM Security study, reflecting a 6.4% increase from the figures revealed in the 2017 version of the report. This estimation was reached after IBM Security interviewed close to 500 companies who had experienced breaches in the past. 

The study calculated that the number of "mega breaches" (breaches of more than 1 million records) have nearly doubled from just nine in 2015 to 16 in 2017. The associated costs of these mega breaches are between $40m and $350m.

The global average cost of a data breach was calculated to be $3.86m, however, the size and extent of the breach had a significant impact of this cost. When the breach hit the 1 million records lost mark, the average cost was $40m and took on average 266 days to contain.

However, when the data breach reached the 50 million records breached mark, the average cost to a business ballooned up to $350m and took close to a 100 days longer to rectify at 365 days. 

US companies experienced the highest cost of a breach, averaging $7.91m, followed by the Middle East at $5.31m. Healthcare organizations had the highest costs associated with data breaches for the eighth year in a row, as it was found to cost them $408 per lost or stolen record.

Visit Innovation Enterprise's Chief Data Officer Summit in New York, December 12 & 13, 2018.

The Ponemon Institute, a body dedicated to the "independent research of privacy, data protection and information policy" over the last 13 years, noted that there has been a net increase of 10% in last 5 years to the average cost of data breaches. The report noted that organizations that had extensively deployed automated security technologies saved more than $1.5m on the overall cost of a breach.

"While highly publicized data breaches often report losses in the millions (of dollars), these numbers are highly variable and often focused on a few specific costs which are easily quantified," said Wendi Whitmore, global lead for IBM X-Force incident response and intelligence services (IRIS).

"The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake," Whitmore added. 

Car small

Read next:

Leveraging data analytics to improve safety initiatives and performance