Average US Data Breach Cost $3.8 Million – Up 6.4%
By: Jim Stickley and Tina Davis
May 27, 2019
Not only is the cost of business going up, but the cost of preventing a data breach in the U.S. is going up with it. The “2018 Cost of a Data Breach Study” by Ponemon for IBM finds startling facts and figures on data breaches. The U.S. currently pays the highest price for a breach, averaging $3.86M compared to $3.62M last year. That’s about twice as much as the entire UK paid last year.
Data breaches deal specifically with the number of records lost or stolen, regardless of the number of employees. This study found a breach could cost from $2.2M with total records breached at less than 10,000. There’s a $6.9M price tag for those breaches with more that 50,000 records. Your company could be out $40M if 1 million records are stolen. For a mega company breach involving 50M lost records, that cha-ching wow factor is $350M. Consider the next financial blow of a data breach to a company – a company that just lost most, if not all its customer confidence. That’s an entirely other matter, but one so very important to its survival. The National Cyber Security Alliance finds that 60% of small-to-medium-sized businesses (SMBs) fail within 6 months of a cyberattack. It’s a “financial and customer confidence” double-hit that only 40% of those SMBs can survive.
The Ponemon study looks further into other costs associated with a data breach on a global scale. The highest cost for deduction and escalation costs – figuring out the how, the why, and what to do about it. At the most costly, Canada at $1.78M is first place with Brazil in last at $0.37M. The U.S. is more than half the average cost, coming in at $1.21M. The U.S., however, takes over first place by paying the highest price for losing customers due to a data breach or indirect cost. That figure is $4.20M just for losing customers from the breach alone – not even what the actual cost of breach is and how to fix it from a systems security standpoint, known as a direct cost. Combine security and system fixes, needed updates, throw in a public relations nightmare and you’ve got a great reason to stop a breach before it happens. The U.S. tops the chart at #1 highest direct cost at $152/breach record. It gets slightly better with $81/breach for indirect costs, with Canada ranking highest with $86 in that category.
When taking a comprehensive look at data systems, remember it’s both direct and indirect costs creating the big picture for the overall cost of a data breach. Preparing for the consequences for both of these needs to be a big part of the conversation. The study shows the faster an incident is found and the speed in which it’s dealt with can have huge cost-saving ramifications. It reveals that costs for the U.S. notifying consumers about a data breach is the highest in the world at $740,000. More bad news: It’s the most expensive per capita for the U.S. at $233, followed by Canada with $202.
Overall, preventing a data breach from ever happening is clearly the most cost-effective way to go, and your customer confidence stays right where you need it to be – with you.