Average Cost of Data Breaches Increased Year-Over-Year, Study Finds

The average cost of a data breach globally — including a number of breach-related factors such as investigations and recovery, notifications and cost of lost business — was $3.86 million in 2018, according to a new study from Ponemon Institute and IBM Security. That figure was up 6.4 percent from the 2017 report. Companies in the U.S. experienced the highest average data breach cost, at $7.91 million.

In examining the factors that affect the cost of data breaches, the study found that the time needed to detect and contain a breach was significant; companies that contained a breach in less than 30 days saved more than $1 million compared to those that took longer to do so. It also noted that having an incident response team reduced the breach cost by $14 per compromised record, while the use of an AI platform for cybersecurity reduced costs by $8 per record.

The study also found that “mega breaches” — those involving the compromise of more than 1 million records — have nearly doubled in the last five years. The cost of a mega breach involving 1 million to 50 million compromised records averaged $40 million, and at 50 million records, estimated costs totaled $350 million. Mega breaches also took longer on average to detect and contain: 365 days, compared to 266 days for smaller-scale breaches.