How Much Does A Data Breach Really Cost A Business?


How Much Does A Data Breach Really Cost A Business?



IBM recently released its updated Cost of a Data Breach Report for 2020, which analyzed 524 data breaches in 17 countries. The study, which was conducted by the Ponemon Institute, found that the global average total cost of a data breach now stands at $3.86 million. In the U.S. the average is $8.64 million, the highest in the world.

To calculate these average figures, researchers looked at breaches where between 3,400 and 99,730 records were compromised. Small and large breaches were excluded. 

Mega-breaches, where more than 1 million records are affected, could cost an organization between $50 million and $392 million. The latter figure would be the cost of a breach affecting more than 50 million records.

The sectors which experienced the highest-costing attacks included healthcare, finance, technology, and service industries. Healthcare breaches are considered the most expensive, where the average cost of a breach equates to $7.13 million.

What makes data breaches so expensive?

The cost of a data breach is numerous and depends on the type of data breached. 

Customer personally identifiable information (PII) is the most exposed type of data with the most expensive cost per record (as opposed to intellectual property, anonymized data, or employee data) and accounted for 80% of breaches analyzed. The study found that the average cost per record of PII exposed in malicious attacks is approximately $175. 

The main costs of a data breach are:

- Forensic investigations and auditing

- Crisis management

- Business disruption and system downtime

- Lost customers

- Communication

- Engagement of experts and consultants

- Legal expenditure

- Regulatory fines 

It takes approximately 280 days to contain a breach, and this is the critical period in which most costs are accrued. 


What are the main causes of data breaches?

The majority of data breaches (53%) are the result of malicious attacks, which are financially motivated.

Causes of malicious data breaches:

- 19% compromised credentials

- 23% human error

- 53% malicious attacks


The COVID-19 pandemic had its own impact on the study. 54% of organizations interviewed had to pivot to remote working in response to COVID-19. The impact of remote work on the costs of a data breach is approximately $137 000.


What can be done to prevent data breaches?


According to the report, security automation that utilizes technologies such as AI is the most effective method of mitigating the cost of a data breach. In fact, the difference in the average total cost of a data breach for organizations without security automation is $3.58 million. 


Having data privacy software as a part of your risk framework is crucial for preventing data breaches. Data Masking meets the requirements of privacy laws such as GLBA, HIPAA, GDPR, PCI DSS, PIPEDA, CCPA, and is one of the surest methods of de-identifying sensitive data in business. 


Hush-Hush data masking components integrate easily with your existing IT infrastructure and can be designed according to your exacting needs. 


Request a free demo now.

free demo

BuildNumber = dev_20210906.1