Cost of data breach increases by 12% over the past 5 years

IBM Security revealed the results of its annual Cost of Data Breach Report.

The report was based on in-depth interviews with over 500 companies worldwide that suffered a data breach over the past year.

It was revealed that the average cost of a data breach is now $3.92 million, whilst in the U.S the average cost is $8.19 million, more than double than the worldwide average. 

The report examined the financial impact of a data breach for the first time, and discovered that an average of 67% of data breach costs were realized within the first year after a breach, 22% accrued in the second year and a further 11% accumulated more than two years after. 

Breaches of more than one million records cost companies an estimated $42 million whilst breaches of 50 million records are projected to cost companies $388 million. It was also revealed that companies with less than 500 employees suffered losses of more than $2.5 million on average. 

Amongst the findings it was noted that companies that extensively tested their incident response plan reduced the average costs of data breaches by $1.23 million. 

For the 9th year in a row, healthcare organisations suffered the highest cost of a breach, with nearly an average of $6.5 million. 

It was further revealed within the study that malicious data breaches were the most expensive but not the most common root cause of a breach. With malicious data breaches costing companies an average of $4.45 million. 

“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services. 

“With organizations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs.”

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.