Mega data breaches cost megabucks, says IBM

IBM and the Ponemon Institute have revealed that the average cost of a data breach globally is $3.86 million, which is an increase of 6.4% year-on-year.

The reason for such a steep climb is that it is taking longer for businesses to address and fix the data breach, meaning they're without revenue for longer and also, more data records were lost last year compared to previous years the same study took place.

IBM and The Ponemon Institute questioned nearly 500 companies that have experienced a data breach and discovered that it was taking an average of 197 days to identify a breach and an additional 69 days to contain the breach after it had occurred.

The study also revealed that it costs an average of $148 per lost or stolen record on average, but having an incident response team saved companies $14 per compromised record, while the use of AI reduced the cost by $8 and a "rush to notify" policy reduced the per-record cost by $5.

Data breach response: How to react when your business gets hit

"While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified," said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS).

"The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake."

Dr Larry Ponemon, chairman and founder of Ponemon Institute explained that although the cost of data breaches has risen significantly over the last few years, the uptake of security automation tools was having a positive impact, saving more than $1.5 million on the total cost of a breach.

"While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs."

Clare is the founder of Blue Cactus Digital, a digital marketing company that helps ethical and sustainability-focused businesses grow their customer base.

Prior to becoming a marketer, Clare was a journalist, working at a range of mobile device-focused outlets including Know Your Mobile before moving into freelance life.

As a freelance writer, she drew on her expertise in mobility to write features and guides for ITPro, as well as regularly writing news stories on a wide range of topics.