Average cost of data breaches falls by 10%

The average cost of data breaches has fallen by 10% [Image: weerapatkiatdumrong via iStock]

A new report by IBM Security has found that the global average cost of a data breach is down ten per cent from previous years, coming in at $3.62 million (£2.8 million).

IBM – who tasked the Ponemon Institute with conducting the research – said that the average cost for each lost or stolen record containing sensitive and confidential information also dropped from $158 in 2016 to $141 in this year’s study.

It is the first time a fall in the cost of data breaches has been recorded since the report was first conducted.

However, despite the fall in the average cost of a breach, IBM discovered that companies in this year’s study are suffering larger breaches. The research found that the average size of the data breaches rose by 1.8 per cent, to more than 24,000 records being compromised.

Analysing the 11 countries and two regions surveyed in the report, IBM Security identified a “close correlation” between the response to regulatory requirements in Europe and the overall cost of a data breach.

The report found that European countries saw a 26 per cent fall in the total cost of a data breach over last year’s study. According to IBM, businesses in Europe operate in a more centralised regulatory environment, while US businesses have unique requirements, with 48 of 50 states having their own data breach laws.

IBM explained that Germany, France, Italy and the UK saw significant drops in the cost of data breaches compared to the four-year average expenses experienced globally.

The involvement of third parties in a data breach was the top contributing factor that led to an increase in the cost of a data breach, according to IBM. This increased the value by $17 per record. The company advised organisations to evaluate the security posture of their third party providers to ensure the security of employee and customer data.

Wendi Whitmore, global lead, IBM X-Force Incident Response & Intelligence Services, said: “New regulatory requirements like GDPR in Europe pose a challenge and an opportunity for businesses seeking to better manage their response to data breaches. Quickly identifying what has happened, what the attacker has access to, and how to contain and remove their access is more important than ever.”