IBM Security has announced the results of its annual study examining the financial impact of data breaches on organizations. The report, sponsored by IBM Security and conducted by the Ponemon Institute, was based on in-depth interviews with more than 500 companies globally that had suffered a data breach in the past year.
According to the report, the cost of a data breach has risen 12% over the past 5 years and now costs $3.92 million on average. The report found that small and medium-sized businesses feel the financial consequences most acutely with companies with less than 500 employees suffering losses in excess of $2.5 million on average. The ramifications of such financial losses are potentially detrimental, as these companies usually earn less than $50 million in annual revenue.
The key findings from the report include:
- Malicious Breaches – Most Common, Most Expensive: Over 50% of data breaches in the study resulted from malicious cyberattacks and cost companies $1 million more on average than those originating from accidental causes.
- “Mega Breaches” Lead to Mega Losses: While less common, breaches of more than 1 million records cost companies a projected $42 million in losses; and those of 50 million records are projected to cost companies $388 million.4
- Practice Makes Perfect: Companies with an incident response team that also extensively tested their incident response plan experienced $1.23 million less in data breach costs on average than those that had neither measure in place.
- S. Breaches Cost Double: The average cost of a breach in the U.S. is $8.19 million, more than double the worldwide average.
- Healthcare Breaches Cost the Most: For the 9th year in a row, healthcare organizations had the highest cost of a breach – nearly $6.5 million on average (over 60% more than other industries in the study).
“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services. “With organizations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs.”
The full report is available to download here.