Average Cost of Data Breach Hits $4 Million

June 21, 2016, Written By John H. Oldshue
Computer hacker silhouette of hooded man with binary data and network security terms

The average cost of a data breach has now reached $4 million, up 30% from 2013, according to a recent IBM Security and Ponemon Institute study.

The average was $3.79 million last year.

“Data breaches are now a consistent ‘cost of doing business’ in the cybercrime era,” said Larry Ponemon, chairman and founder of the Ponemon Institute, a research firm focused on security. “The evidence shows that this is a permanent cost organizations need to be prepared to deal with and incorporate in their data protection strategies.”

Not only are data breaches becoming more expensive, but incidents are also on the rise. The Cost of a Data Breach study, which interviewed representatives of nearly 400 companies worldwide, found a 64% increase in reported security incidents between 2014 and 2015. Companies lose approximately $158 per compromised record, and highly regulated industries, such as health care, lose up to $355 per record.

The bulk of the costs come from forensics, communications, legal costs and regulatory mandates, but the survey also examined reputational damage and the cost of lost business.

IBM Security recommends companies have a coordinated and automated response plan, as this can reduce the cost of a data breach by nearly $400,000.

Identification and response speed also make a difference in the cost of a breach. Breaches identified in fewer than 100 days cost $3.23 million, while breaches identified after 100 days cost $4.38 million. The average time to identify a breach was 201 days, and the average time to contain it was 70 days.

The study also found companies with a business continuity management plan discovered breaches 52 days earlier and contained them 36 days faster.



The information contained within this article was accurate as of June 21, 2016. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.