The latest data breach report signals both good and bad news as it relates to the costs of breaches since 2017.
The bad news? Research from the Ponemon Institute and IBM Security shows losses related to data breaches have increased 6.4 percent in the past year. The good news? For those companies that were able to contain the breach within 30 days, their losses have been less significant.
The study, which reviewed the impact of data breaches on a global scale, specifically noted that U.S. companies saw the highest average data breach cost at $7.91 million. Compared to the global average of $3.86 billion, this figure is more than double in the U.S. For companies that were able to identify a breach and implement a remedy within a month or less, savings were roughly $1 million when compared with those who did not.
The study examined the impact data breaches have on a company’s bottom line, and concluded that the direct correlation between breach incidents and business boiled down to reputation impact and wasted internal resources spent on recovery. The study also indicated that a third of those labeled “mega breaches” (more than 1 million breached records) had a connection with lost business. Data also indicated that companies relying on machine learning/AI and proactive cyber security response efforts saw better cost reductions in their breach combating efforts.
“While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” IBM X-Force Incident Response and Intelligence Services (IRIS) Global Leader Wendi Whitmore said in a press release. “The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
In terms of those “mega breaches” the costs associated with those breaches fell somewhere between $40 million and $350 million, depending on the scope of how many records were stolen. The number of breaches that were in that category has also nearly doubled in a five-year period from nine breaches in 2013 to 16 in 2017.
"While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute.
Other key findings from the report include: