The average global cost of a data breach has risen again, with experts at IBM
claiming the financial impact can be felt for years after an incident. […]
The headline figure has risen from $3.86m to $3.92m over the past year, and by more than 12% in total over the past five years, IBM claimed. However, in the US it is more than double this figure, at $8.19m.
Smaller companies with fewer than 500 employees suffered average losses of over $2.5m, a potentially fatal sum. Mega breaches of over one million records cost $42m, while those of 50 million records are estimated to cost companies $388m.
For the first time, IBM measured the financial impact of a data breach over several years. It found that on average 67% of data breach costs were realized within the first year after a breach, but over a fifth (22%) accrued in the second year and another 11% did so more than two years after the initial incident.
Organizations in highly regulated environments like healthcare and financial services were more likely to see higher costs in the second and third years, it claimed.
Malicious breaches accounted for the majority (51%) of cases, up 21% over the past six years, and cost firms more – on average $4.45m per breach. However, accidental breaches accounted for nearly half (49%) of all incidents, with human error ($3.5m) and system glitches ($3.24m) costing slightly less than the global breach average.
For the ninth year in a row, healthcare organizations suffered the highest cost of a breach – nearly $6.5m on average.
IBM claimed that extensively tested incident response plans can minimize the financial impact of a breach, saving on average $1.23m.
Other factors affecting the cost of a breach include how many records were lost, whether the breach came from a third party and whether the victim organization had in place security automation tech and/or used encryption extensively.