What is the cost of a data breach?

Data breach costs can be ongoing for years, a new study finds. Here's the breakdown of costs and advice on how to minimize them.

Data breaches and security incidents are becoming increasingly costly. Canadian lender Desjardins Group recently revealed it had spent C$70 million ($53 million) in the wake of a breach earlier in the year that exposed personal information of 2.9 million members. Manufacturer Norsk Hydro said the final bill for its crippling cyberattack could be as high as $75 million. British Airways and Marriott have had to add $100 million each onto the final cost of their incidents after falling foul of GDPR.

While these examples are the most high-profile and extreme ends of the scale, the financial impact of suffering a data breach continues to increase year over year for companies of all shapes and sizes. The average cost of a data breach has risen to $3.92 million, according to a new report from IBM and the Ponemon Institute.

The report shows a 1.6% increase in costs in 2018 and a 12% rise over the last five years. This includes a combination of direct and indirect costs related to time and effort in dealing with a breach, lost opportunities such as customer churn as a result of bad publicity, and regulatory fines.

Data breaches are getting bigger and more expensive

Globally, just under 30% of organizations are likely to suffer at least one breach over the next 24 months. U.S. organizations face the highest costs with an average of $8.19 million per breach, driven by a complex regulatory landscape that can vary from state to state, especially when it comes to breach notification. In the UK the figure is slightly lower than the global average, at $3.88 million.
