What is the cost of a data breach?

Data breach costs can be ongoing for years, a new study finds. Here's the breakdown of costs and advice on how to minimize them.


Data breaches and security incidents are becoming increasingly costly. Canadian lender Desjardins Group recently revealed it had spent C$70 million ($53 million) in the wake of a breach earlier in the year that exposed personal information of 2.9 million members. Manufacturer Norsk Hydro said the final bill for its crippling cyberattack could be as high as $75 million. British Airways and Marriott have had to add $100 million each onto the final cost of their incidents after falling foul of GDPR.

These examples are the most high-profile and extreme ends of the scale, but the financial impact of suffering a data breach remains high for companies of all shapes and sizes. The average cost of a data breach in 2020 is $3.86 million, according to a new report from IBM and the Ponemon Institute.

The report shows a 1.5% decrease in costs from 2019 but still a 10% rise over the last five years. This includes a combination of direct and indirect costs related to time and effort in dealing with a breach, lost opportunities such as customer churn as a result of bad publicity, and regulatory fines. Though the average cost of a breach is relatively unchanged, IBM says the costs are getting smaller for prepared companies and much larger for those that don’t take any precautions.

“The overall headline number stayed very similar to what we saw last year,” says Charles Debeck, senior threat analyst at IBM X-Force IRIS, “but if you dig deeper into the data what we saw was an increasing divergence between organizations that took effective cybersecurity precautions versus orgs that didn't.”

“This divergence has been increasing year over year; the organizations that are engaging in effective cybersecurity practices are seeing significantly reduced costs, the organizations that aren't engaging in these same practices are facing significantly higher costs.”
