IBM Security and Ponemon Institute release the 2019 edition of the Cost of a Data Breach Study; an in-depth analysis of more than 500 companies which looks to calculate the average financial impact of a data breach.
Now in its 14th year, the Cost of a Data Breach Report interviews over 3,000 expert individuals and more than 500 organisations which have experienced a data breach between July 2018 and April 2019. It takes into account hundreds of cost factors – from legal, regulatory and technical activities to loss of brand equity, customer turnover and employee productivity – to calculate the average total cost of a data breach. In addition, the report analyses the average size of a breach, as well as the average time taken to identify and contain such events.
The 2019 report makes for some concerning reading. You don’t need to get too far into it before you’re met with highlights which include:
- The average total cost of a data breach is $3.92m (up from $3.86m as reported in the 2018 study)
- The average size of a data breach is 25,575 records (a 3.9% increase on 2018)
- The cost per lost record is $150 (up from $148 last year)
- The average time to identify and contain a breach is 279 days (up from 266 in 2018)
51% of these breaches involved a malicious or criminal attack, while 25% were attributed to a system glitch and 24% to human error.
Data breach costs can impact organisations for years
It’s been known for a while now that the true cost of a data breach goes beyond direct loss and rectification, however exact figures around this have been difficult to find. For the first time, this year’s report details the ‘long tail’ effects of a security breach; demonstrating the costs that will be felt for years after the incident.
This information has led to two important discoveries: The first is that lost business is the biggest contributor to data breach costs, with the average cost of lost business totalling $1.42m – 36% of the total average cost of a breach. Moreover, the study found that breaches caused abnormal customer loss of 3.9%.
The second is that about one third of breach costs occurred more than a year after a data breach incident. While an average of 67% of breach costs came in year one, 22% occur in the second year and 11% more than two years after the event.
This issue is complicated by the fact that organisations are now taking an average of 206 days to detect a breach and 73 days to contain it; potentially adding to losses.
The chance of experiencing a data breach is increasing, whoever you are
- Data breaches in the USA are vastly more expensive, standing at $8.19m (more than double the global average)
- Organisations in the Middle East reported the highest average number of breach records at 38,800 per incident
- For the ninth year in a row, healthcare organisations reported the highest costs associated with data breaches at $6.45m
Organisations are almost a third more likely to experience a breach within two years as they were in 2014.29.6%
Your odds of experiencing a data breach within the next 24 months.
Cybersecurity as a cost mitigator
Alongside analysing the factors that contribute to the cost of a data breach, the report also addresses those that can mitigate losses. One such mitigator is the use of encryption, about which it states “had the greatest impact, reducing breach costs by an average of $360,000”.
Other mitigating factors include business continuity management, the use of an incident response team together with extensive testing and planning, and the automation of security.
Although not covered specifically in the report, quantum-safe security solutions can also play a key role in mitigating the risk of security breaches, as well as any resulting costs should one occur. Such technologies can be implemented to strengthen and protect organisations against today’s conventional computing attacks as well as keep them safe in a post-quantum landscape.
Find out more and download the full report here.