Average Data Breach Costs Companies $3.86 Million

July 16, 2018, Written By John H. Oldshue
Average Data Breach Costs Companies $3.86 Million

The average data breach costs companies $3.86 million, but “mega breaches” can cost hundreds of millions of dollars, according to IBM’s “Examining the 2018 Costs of a Data Breach” report. This new price tag reflects a 6.4% increase from 2017.

Data breaches are most costly in the United States, where the average cost is $7.91 million. Canada was second at $4.74 million.

The total price of a breach depends on a number of factors, including the number of records affected and the speed at which the company discovers and responds to a breach. The average stolen record costs companies $148, and it takes an average of 197 days to discover a breach as well as 69 days to deal with it.

This is the first study to examine the costs of “mega breaches,” which are breaches with over one million exposed records. When one million records are lost, the average cost is $40 million. If the breach reaches 50 million records, the cost could be as high as $350 million. A loss of business is the reason these breaches end up costing companies so much.

Timehop, MyHeritage, and Ticketfly all recently experienced mega breaches where tens of millions of users were affected.

The report did contain some good news. Machine learning, artificial intelligence, and other security automation tools are working, and save companies an average of over $1.5 million per breach.

The study was based on data collected from 2,200 IT, data protection, and compliance professionals from 477 companies throughout the world.



The information contained within this article was accurate as of July 16, 2018. For up-to-date
information on any of the terms, cards or offers mentioned above, visit the issuer's website.


About John H. Oldshue

john-oldshue
John Oldshue is the creator of LowCards.com. He worked for over 15 years in television and won an Emmy award for his reporting. He covers credit card rate issues for LowCards.com.
View all posts by John H. Oldshue