Enterprise data breach cost reached record high during COVID-19 pandemic

IBM research estimates that the average data breach now costs upward of $4 million.
Written by Charlie Osborne, Contributing Writer

The average cost of a data breach has now reached over $4 million, hitting a record high during the COVID-19 pandemic. 

On Wednesday, IBM Security released its annual "Cost of a Data Breach" report, which estimates that in 2021, a typical data breach experienced by companies now costs $4.24 million per incident, with expenses incurred now 10% higher than in 2020 when 1,000 -- 100,000 records are involved. 


So-called "mega" breaches impacting top enterprise firms responsible for the exposure of between 50 million and 65 million records now also come with a higher price tag -- reaching an average of $401 million to resolve. 

After analyzing data breaches reported by over 500 organizations, together with a survey conducted by Ponemon Institute, IBM says that the "drastic operational shifts" experienced by the enterprise due to the pandemic, stay-at-home orders, and the need to quickly turn processes remote prompted higher costs and increased difficulty in containing a security incident once it had taken place. 

IBM estimates that roughly 60% of organizations moved to the cloud to keep their businesses running -- but ramping up security controls did not necessarily follow. 

When work from home was reported, a data breach cost up to $1 million more -- with the highest rates of $4.96 million in comparison to $3.89 million. 

The most common attack vector for enterprises experiencing a data breach was compromised credentials, either taken from data dumps posted online, sold on, or obtained through brute-force attacks. Once a network was infiltrated, customer personally identifiable information (PII), including names and email addresses, was stolen in close to half of cases. 

Over 2021, it has taken an average of 287 days to detect and contain a data breach, 7 days longer than in the previous year. In total, on average, an organization will not detect an intrusion for up to 212 days, and then will not be able to fully resolve the issue until a further 75 days have passed. 

Data breaches in the healthcare industry were the most expensive, at an average of $9.23 million, followed by financial services -- $5.72 million -- and pharmaceuticals, at $5.04 million. 

However, according to IBM, companies that employ security solutions based on artificial intelligence (AI) algorithms, machine learning, analytics, and encryption all mitigated the potential cost of a breach, saving firms, on average, between $1.25 million and $1.49 million. 

"Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic," said Chris McCurdy, VP of IBM Security. "While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation, and the adoption of a zero-trust approach -- which may pay off in reducing the cost of these incidents further down the line."
