The fallout from the Equifax breach has kept companies and financial institutions on high alert for how their customers are impacted by evolving fraud schemes. Newly released data from IBM this week confirms what many already suspect: Data breaches are getting much, much worse. And the sting from not proactively detecting them has long-lasting financial impacts.
To put the evolution of data breaches into context, IBM's data said the average cost of a data breach to a company has doubled since 2006 — to more than $8 million in the U.S., more than double the $3.92 million worldwide average. This report doesn't account for the true impact of a breach since it doesn't factor in the costs shouldered by the banks and credit unions connected to these businesses.
For financial institutions tracking these fast-growing problems, IBM's data indicates that many of the companies involved in data breaches are small businesses. Fraudsters are continuing to target more vulnerable operations. The report also details the high costs resulting from delays in detecting data breaches.
"The financial consequences of a data breach can be particularly acute for small and midsize businesses. In the study, companies with less than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue," IBM's team wrote in its report.
It's worth noting that the delay in detecting data breaches has led to a rise in costs from these incidents. The report noted that an average of 67% of data breach costs were realized within the first year after a breach; 22% accrued in the second year; and 11% accumulated more than two years after a breach.
"The long tail costs were higher in the second and third years for organizations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals," the report notes.
One of the biggest takeaways from the latest report was the need to detect and respond to data breaches faster. "The speed and efficiency at which a company responds to a breach has a significant impact on the overall cost," according to the report. In fact, the data showed the average lifecycle of a breach was 279 days — 206 days to first identify a breach after it occurs, and an additional 73 days to contain the breach.
"Companies in the study who were able to detect and contain a breach in less than 200 days spent $1.2 million less on the total cost of a breach," the report concluded.