Average Cost of Data Breaches Increased Year-Over-Year, Study Finds

The average cost of a data breach globally — including a number of breach-related factors such as investigations and recovery, notifications and cost of lost business — was $3.86 million in 2018, according to a new study from Ponemon Institute and IBM Security. That figure was up 6.4 percent from the 2017 report. Companies in the U.S. experienced the highest average data breach cost, at $7.91 million.

In examining the factors that affect the cost of data breaches, the study found that the time needed to detect and contain a breach was significant; companies that contained a breach in less than 30 days saved more than $1 million compared to those who took longer to do so. It also noted that having an incident response team reduced the breach cost by $14 per compromised record, while the use of an AI platform for cybersecurity reduced costs by $8 per record.

The study also found that the “mega breaches” — those involving the compromise of more than 1 million records — have nearly doubled in the last five years. The cost of a mega breach involving 1 million to 50 million compromised records averaged $40 million, and at 50 million records, estimated costs totaled $350 million. Mega breaches also took a longer time on average to detect and contain: 365 days, compared to 266 days for smaller scale breaches.


About Author

Monica C. Meinert

Monica C. Meinert is deputy editor of the ABA Banking Journal and editorial director at the American Bankers Association, where she oversees ABA Daily Newsbytes.