The hidden costs thrown up by data breaches – including lost business, reputational damage and employee time spent on recovery – lead to significant increases in expenditure for businesses.
This is according to a new study by IBM Security, conducted by the Ponemon Institute. The 2018 Cost of a Data Breach Study revealed that one-third of the cost of so-called ‘mega breaches’ (at least one million lost records) was derived from lost business.
It was also found that the average cost of a data breach globally is $3.86 million (£2.9 million), a 6.4 per cent increase from the 2017 report.
This year, for the first time, the study also calculated the costs associated with ‘mega breaches’, which range from one million to 50 million records lost. The researchers projected that these breaches cost companies between $40 million and $350 million respectively.
According to the report, the average cost of a data breach of one million compromised records is nearly $40 million. Meanwhile, at 50 million records, the estimated total cost of a breach is $350 million.
The vast majority of these breaches (ten out of 11) stemmed from malicious and criminal attacks, rather than system glitches or human error. It was also found that the average time to detect and contain a mega breach was 365 days – almost 100 days longer than a smaller-scale breach (266 days).
Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services, said: “While highly publicised data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified.
“The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”