The average financial impact of a data breach continues to rise and now can cost the average business up to $3.92 million, according to new research.
Data breaches have become such a common occurrence that hardly a week goes by when a business, organization, government department, bank, or educational establishment does not admit to the existence of one in their networks or systems.
While the financial penalties can vary depending on the size of a business, a data breach can wreak havoc and the long-term cost may not be immediately apparent.
On Tuesday, IBM Security released its annual study, the Cost of a Data Breach Report, to estimate both the immediate and ongoing expense of a data breach. According to the company, the cost of a data breach has risen by 12 percent over the course of five years, and organizations can expect to pay an average of $3.92 million.
Businesses with fewer than 500 members of staff suffered losses of over $2.5 million on average, and for smaller firms, this can equate to a substantial slice of their yearly revenue.
IBM says that this expense — which can be caused by the hire of third-party cyber forensics firms, legal costs, rapid investment in shoring up security, and potentially both compensation payments and government-issued penalties — may not always be immediate, glaring red strikes on a balance sheet.
Instead, the true damage and cost of a data breach can be felt for years. The report says that, on average, 67 percent of expenses are realized during the first 12 months post-breach, 22 percent accrue during the second year, and 11 percent can take over two years to become apparent.
Healthcare, financial services, pharmaceutical, and energy companies are the most likely to face additional costs over time. In addition, geography can make a difference -- companies based in the US can also expect a higher bill to rectify the damage a data breach causes. On average, costs can reach up to $8.19 million.
Companies face a penalty of up to $150 per record stolen. When over one million records have been stolen, for example, this can cost up to $42 million -- and 50 million records may result in a bill of up to $388 million.
According to the report, it takes an organization 206 days to discover a data breach and a further 73 days to completely contain it.
In today's world, it is not just a full-on, malicious attack that companies need to worry about -- with a lack of training, any employee could innocently open a phishing email and unwittingly become the source of a breach.
However, IBM says that malicious data breaches are still more common than those caused by system errors or human folly, accounting for 49 percent of recorded security incidents. In addition, malicious attacks cost, on average, over $1 million more than accidental data breaches.
The consequences of a data breach and the loss of consumer or sensitive corporate information can be severe, as highlighted by Equifax this week. The credit monitoring agency became subject to a data breach back in 2017 which led to the compromise of data belonging to 146 million users.
Equifax has now agreed to pay at least $575 million, and potentially up to $700 million, in damages, as well as provide a settlement fund of at least $300 million for impacted customers.