Data breaches cost $3.86 million on average, finds research

The average cost of a data breach is $3.86 million, research finds, but mega breaches affecting a million or more records can cost much more.

The research comes courtesy of IBM and the Ponemon Institute and follows interviews with 500 companies that experienced a data breach.

The study found that the average cost is up 6.4% from 2017, but mega breaches affecting a million records cost $40 million on average, while a breach affecting 50 million-plus records cost an average of $350 million.

Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services, said: “While highly publicised data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified. The truth is there are many hidden expenses which must be taken into account, such as reputation damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”

The research also found that the number of mega breaches had increased from nine in 2013 to 16 in 2017.

It also took precisely a year, on average, to detect a mega breach, compared to 266 days for a smaller breach.

The research found that for the biggest breaches, lost business cost an average of $118 million, a third of the total cost.

