IBM Study: “Hidden costs of data breaches increase expense for businesses”
IBM Security has published the results of a global study examining the full financial impact of a data breach on a company’s bottom line. Overall, the study found that hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage. For example, the study found that one-third of the cost of ‘mega breaches’ (ie episodes where over one million records are lost) was derived from lost business.
Sponsored by IBM Security and conducted by The Ponemon Institute, the 2018 Cost of a Data Breach Study found that the average cost of a data breach globally is $3.86 million. That’s a 6.4% increase from the 2017 report.
Based on in-depth interviews with nearly 500 companies that experienced a data breach, the study analyses hundreds of cost factors surrounding a breach, from technical investigations and recovery to notifications, legal and regulatory activities, as well as the cost of lost business and reputation.
This year, and for the first time, the study also calculated the costs associated with the aforementioned ‘mega breaches’, duly projecting that these breaches cost companies between $40 million and $350 million.
“While highly-publicised data breaches can report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services.
“The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover and operational costs. Knowing where the costs lie, and how to reduce them, can help companies to invest their resources more strategically and lower the huge financial risks at stake.”