With data breaches and cyberattacks happening every day that affects millions of companies around the world, the cost of containing a breach and dealing with its aftermath is in a rising trend, a study reveals.
The annual cost of a Data Breach Report conducted by the Ponemon Institute and sponsored by IBM Security reveals that in the past decades, the data breach costs have been rising and the financial impact of a leak can be felt for years. The price has increased 12% over the past five years to £3.2 million on global average.
Founded in 2002 by Dr. Larry Ponemon and Susan Jayson, Ponemon Institute conducts independent research on data protection and emerging information technologies. They partnered with IBM security to release an annual study detailing the cost of data breaches among companies.
In the UK alone, a 10.56% increase can be felt from last year with a rise of £2.99 million on average, the study shows. Furthermore, the size of a data breach has also increased by 3.% with a per capita cost per lost or stolen record reaching £119 – a 9.6% increase from 2018, and a near double from ten years ago.
The report details the rising costs can be attributed to the multiyear financial impact of the breaches, the compensation that needs to be paid to affected consumers, increased data breach-related legislation and regulation, as well as the increasing cost of the processes involved in resolving criminal attacks.
In the United States, IBM estimates the total cost of all the data breaches to be at $3.92 million with the most expensive cost reaching up to $8.19 million. The report further reveals that the healthcare industry is the most vulnerable sector with the highest costs reaching up to $6.45 million. In average, the United States has experienced a breach totaling to 25,575 records exposed.
The cost of data breaches in the U.S. estimated at $8.19 million is more than twice as much as the global average costs. It represents a total of 130% increase in the past 14 years from $3.54 million back in the study conducted in 2016.
“Data breaches can cause devastating financial losses and affect an organization’s reputation for years. From lost business to regulatory fines and remediation costs, data breaches have far-reaching consequences,” IBM wrote in the report website.
The researchers interviewed a total of 507 companies around the world who have fell victim to a data breach in the past year across 16 geographies and 17 industries. The report also takes into account different costs associated with remediating a data breach which include but is not limited to legal, regulatory and technical activities, as well as the loss of brand equity, customers, and employee’s productivity.
The study revealed the impact of data breaches could be particularly crippling for small and medium enterprises. In 2018 alone, companies with a small size of fewer than 500 employees have suffered more than £2 million because of data breaches. This amount is especially crippling for small businesses as this could represent a huge chunk of their total assets. The study says that small companies typically earn £40.1 million or less in annual revenue.
Additionally, the impact of a data breach doesn’t end the moment that a leak is contained and the leak has been mitigated; instead, the study reveals that data breaches have a long-standing impact that can last for years. While an average of 67% of the effects of the data breach can be felt in the first after an attack, 22% of the financial impact can be felt in the second year and another 11% on the third year and more after a breach.
And these long term costs are significantly higher for regulated corporations like healthcare, financial services, energy, and pharmaceuticals.
Cybercrime represents big money for cybercriminals, and unfortunately, that equates to significant losses for businesses,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services.
“With organizations facing the loss or theft of over 11.7 billion records in the past three years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs,” she said.
The results of the study only highlight the consistent call for corporations to invest in their cybersecurity and to protect their user’s data. Following this trend, who knows how much a data breach will cost in the years to follow.