IBM: A Data Breach Will Now Cost Your Organization $3.86 Million, If You’re Lucky

By ZDNet

A new global study conducted by IBM suggests the financial impact of a data breach for an organization is, on average, $3.86 million.

However, in the worst cases, “mega breaches” may cost the enterprise between $40 million and $350 million.

IBM’s 2018 Cost of a Data Breach Study, conducted in conjunction with the Ponemon Institute, suggests that the cost can become this high not due to the obvious damage caused to systems — or the theft of information at the time of a breach — but rather due to more subtle expenses incurred by an organization.

A loss of reputation may deter potential future customers, current business relationships may falter, and the time employees must spend on damage control — as well as retraining and education — may all rack up the bill.

According to the study, the average cost of a data breach, $3.86 million, has increased by 6.4 percent from 2017.

Based on interviews with close to 500 companies that have experienced a data breach, the study calculated that this is the average cost when under 100,000 records are compromised in a cybersecurity incident.

The average time taken to uncover a data breach is 197 days, and once identified, a breach takes roughly 69 days to contain.

However, the speed of incident response teams can have a huge impact on the overall cost of a data breach.

When a breach is contained in less than a month, IBM suggests businesses may be able to save up to $1 million in comparison to slower companies.

The number of records stolen also has an effect. On average, each record costs $148, but this cost can be mitigated by having an incident response team on hand, as well as by implementing artificial intelligence (AI)-based cybersecurity solutions.

“Organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach,” IBM says.

The study also examined the cost of so-called “mega breaches,” in which cyberattacks result in the loss of one million to 50 million records. In these cases, enterprise players can expect to lose between $40 million and $350 million — but one-third of this estimated cost is caused by lost business.

Read more at ZDNet.