IBM studies data breach impact
IBM Security has released a global study examining the full financial impact of a data breach on a company's bottom line.
The study found that hidden costs in data breaches — e.g., lost business, negative impact on reputation and employee time spent on recovery — can be a huge factor. In a "mega breach" of 1 million or more records, one-third of the cost derived from lost business.
And the cost is on the rise; since the 2017 report, the average cost of a data breach globally has increased 6.4 percent, to $3.86 million, according to IBM. The number of mega breaches is also up — from nine in 2013 to 16 in 2017.
The study, sponsored by IBM and conducted by Ponemon Institute, also reveals that:
- Average cost of a data breach involving 1 million records is nearly $40 million.
- Estimated cost of a breach involving 50 million records is $350 million.
- Average time to detect and contain a mega breach (365 days) is 99 days longer than for a smaller-scale breach.
- In a mega breach, the greatest cost is from lost business, estimated at nearly $118 million for a breach of 50 million records.
A major factor in lost business cost is customer turnover — a recent IBM/Harris poll found that 75 percent of consumers in the U.S. say that they will not do business with companies that they do not trust to protect their data.
"The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs," said Wendi Whitmore, global lead for IBM X-Force incident response and intelligence services. "Knowing where the costs lie and how to reduce them can help companies invest their resources more strategically and lower the huge financial risks at stake."
Download the 2018 Cost of a Data Breach Study: Global Overview.
View a digital infographic with study highlights.
Explore and interact with findings from the study using the IBM Security Data Breach Calculator.
The 2018 Cost of a Data Breach Study is based on in-depth interviews with nearly 500 companies that experienced a data breach, and analyzes hundreds of cost factors surrounding a breach. Data collection for the study began February 2017; interviews were completed in April 2018.