What is the Average Cost of a Data Breach?


The costs of a data breach are only going to increase, adding to the necessity of information security and compliance measures.

Data breaches have gained widespread attention as more businesses are attacked by malicious insiders and hackers on a daily basis. With businesses becoming increasingly reliant on cloud computing, digital data, and employee mobility, information security threats will only grow more severe. The bad news is that data breaches come with a heavy cost. This cost is related to time and effort spent in containing a breach and lost opportunities due to bad publicity and regulatory fines.

The Average Cost of a Data Breach

According to the 2019 Cost of Data Breach Study by IBM Security/Ponemon Institute, the average total cost of a data breach has increased by 1.6% from the previous year and 12% over the past 5 years. A data breach now costs businesses an average of $3.92 million. The average size of a breach is 25,575 records containing sensitive and confidential information. Each record costs about $150 on average globally and $242 in the U.S. Another report from Juniper Research suggests that by 2020, the average cost of a data breach will exceed $150 million. The rising costs are a result of increased regulation, the long-term financial impact of breaches, and the complex process of resolving the attacks.

Response Time Has a Big Impact on the Cost

Being slow to detect and contain a data breach can have significant financial consequences. According to the IBM report, the average lifecycle of a breach was 279 days, up from 266 in 2018. Most companies take 206 days to detect a breach that has already occurred and an additional 73 days to have the breach contained. However, companies that were able to detect and contain a breach in less than 200 days spent an average of $1.2 million less. The more time an attacker has, the more access they can get to different devices, data, accounts, and other important information.

Data Breach Creates a Lasting Problem

In the 2019 study, IBM and Ponemon looked at the long-term effects of data breaches. The report highlights the fact that organizations continue to pay the price of a data breach for years after the initial incident. About 67% of the breach costs come in the first year, about 22% in the next 24 months and 11% three years after the incident. If a company has a large number of client records breached, it is held liable, and that becomes an ongoing cost.

Factors That Make Data Breaches So Costly

Data breaches are so expensive because they affect different aspects of a company’s operations. Lost or stolen information affects a company in multiple areas, creating limitations and liabilities that can take years to move past. A recent study conducted by IACIS offers insight into the financial burden that targeted organizations are forced to bear. The study found three types of costs: direct costs, indirect costs, and hidden costs.

The direct costs relate to the immediate monetary impact of data breach detection and notification processes. A data breach can result in a reduction of income, affecting business productivity and operational activities. Regulatory fines, legal costs, and settlements can push the costs much higher than the expected amounts. The costs may surge if there’s a need to hire investigative consultancy firms to find the cause of the breach.

The indirect costs are attributed to a damaged reputation and lost revenue as customers churn. Investors may be less likely to buy an affected company’s stock, resulting in restricted growth and a reduced market share. Third-party costs will likely increase as insurance and cloud service providers increase charges to bolster security.

The hidden costs of a data breach are difficult to measure, but they may continue to impact the business for years after the incident. This may include the loss of talented employees or lost business hours as efforts are diverted to resolve the breach and ensure information security compliance.

Reduce the Risks in Your Organization with Security Compliance Associates

SCA helps companies like yours protect data and prevent data breaches, avoiding regulatory and legal fines and protecting your customers’ trust through world-class cybersecurity assessment and advisory services. We also help companies prepare for and respond to a data breach with our incident response planning services.

To learn more about how SCA can help reduce your risk of experiencing a data breach, contact us at (727) 571-1141 or send us an inquiry. You can also download your free Data Breach Response Guide for more information about data breach law in your state.