Hidden Costs of Data Breaches Increase Expenses for Businesses - Part 1
August 08, 2018

Hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage, according to the 2018 Cost of a Data Breach Study, sponsored by IBM Security and conducted by Ponemon Institute.

For example, the study found that one-third of the cost of "mega breaches" (over 1 million lost records) were derived from lost business.

The study found that the average cost of a data breach globally is $3.86 million, a 6.4 percent increase from the 2017 report.

The study also calculated the costs associated with "mega breaches" ranging from 1 million to 50 million records lost, projecting that these breaches cost companies between $40 million and $350 million respectively.

Average cost of a data breach globally is $3.86 million

"While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified," said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS). "The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake."

Hidden Figures – Calculating the Cost of a Mega Breach

In the past five years, the amount of mega breaches (breaches of more than 1 million records) has nearly doubled - from just nine mega breaches in 2013, to 16 mega breaches in 2017. Due to the small amount of mega breaches in the past, the Cost of a Data Breach study historically analyzed data breaches of around 2,500 to 100,000 lost records.

Based on analysis of 11 companies experiencing a mega breach over the past two years, this year's report uses statistical modelling to project the cost of breaches ranging from 1 million to 50 million compromised records.

Key findings include:

■ Average cost of a data breach of 1 million compromised records is nearly $40 million dollars

■ At 50 million records, estimated total cost of a breach is $350 million dollars

■ The vast majority of these breaches (10 out of 11) stemmed from malicious and criminal attacks (as opposed to system glitches or human error)

■ The average time to detect and contain a mega breach was 365 days – almost 100 days longer than a smaller scale breach (266 days)

For mega breaches, the biggest expense category was costs associated with lost business, which was estimated at nearly $118 million for breaches of 50 million records – almost a third of the total cost of a breach this size. IBM analyzed the publicly reported costs of several high profile mega breaches, and found the reported numbers are often less than the average cost found in the study. This is likely due to publicly reported cost often being limited to direct costs, such as technology and services to recover from the breach, legal and regulatory fees, and reparations to customers.

Read Hidden Costs of Data Breaches Increase Expenses for Businesses - Part 2

Share this

Industry News

March 26, 2020

Redgate’s new SQL Monitor now ensures that DevOps teams can monitor and track deployments at all times.

March 26, 2020

Split Software announced a two-way data integration with Google Analytics that can instantly detect performance issues caused by new features.

March 26, 2020

Cloudreach earned the Kubernetes on Microsoft Azure advanced specialization.

March 25, 2020

Informatica updated its Intelligent Data Platform, powered by Informatica's AI-powered CLAIRE engine, with advanced intelligence and automation capabilities, enabling enterprises to accelerate cloud analytics modernization, drive better customer experiences, and properly govern and manage all their data.

March 25, 2020

Datical released Targeted Rollback capabilities for Liquibase, the rapidly growing open-source tool that helps application developers track, version and deploy database schema changes quickly and safely.

March 25, 2020

HashiCorp raised $175 million in Series E funding, at a company valuation of $5.1 billion.

March 24, 2020

Sysdig launched PromCat.io.

March 24, 2020

Sonatype announced expanded language coverage within Nexus Lifecycle to include Conan (C/C++), Composer (PHP), and RubyGems (Ruby), including the ability to create and contextually enforce policies.

March 24, 2020

Swimlane joined the Chronicle Index Partner program as part of a broader industry effort to help customers improve visibility of and response to cyber threats.

March 23, 2020

Portshift introduced Kubei Open Source container scanning software.

March 23, 2020

Perspecta achieved Amazon Web Services (AWS) DevOps Competency status.

March 23, 2020

Talend announced the availability of Talend Cloud in Microsoft Azure Marketplace, an online store providing applications and services for use on Azure.

March 19, 2020

DevOps Institute, a global member-based association for advancing the human elements of DevOps, announced eight Virtual SKILup Day micro-conferences starting April 30, 2020.

March 19, 2020

Oteemo, an enterprise DevSecOps and Cloud Native Transformation consultancy, launched an enterprise kubernetes and cloud native learning program.

March 19, 2020

Spectro Cloud, an enterprise cloud-native infrastructure company, emerged from stealth and unveiled its first product: Spectro Cloud.