Data breach costs went up by 12% over the past 5 years

Photo by JP Valery

The cost of a data breach has risen 12% over the past five years and now averages $3.92 million and represents up to 5% of annual revenue for small businesses, according to new data from IBM.

Sponsored by IBM Security and conducted by the Ponemon Institute, the annual Cost of a Data Breach Report is based on in-depth interviews with more than 500 companies around the world that suffered a breach over the past year.

Companies with fewer than 500 employees suffered losses of more than $2.5 million on average, a potentially crippling amount for small businesses that typically earn $50 million or less yearly.

The IBM study also shows that while an average of 67% of data breach costs were realised within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach.

The long-tail costs were higher in the second and third years for organisations in highly regulated environments, such as healthcare, financial services, energy and pharmaceuticals.

“With organisations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line — and focus on how they can reduce these costs,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services.

The report found that over half of data breaches in the study resulted from malicious cyberattacks and cost companies $1 million more on average than those originating from accidental causes. 

While less common, breaches of more than one million records cost companies a projected $42 million in losses, and those of 50 million records are projected to cost companies $388 million. 

Companies with an incident response team that also extensively tested their incident response plan experienced $1.23 million less in data breach costs on average than those that had neither measure in place. 

The average cost of a breach in the United States is $8.19 million, more than double the worldwide average. 

For the ninth year in a row, healthcare organisations had the highest cost of a breach – nearly $6.5 million on average and over 60% more than other industries in the study.