IBM Cost of a Data Breach study: average Cost of Data Breach exceeds $4.2M

The ‘Cost of a Data Breach’ report commissioned by IBM Security states that the cost of a data breach exceeded $4.2 million during the COVID19 pandemic.

IBM Security presented today the annual study “Cost of Data Breach,” conducted by Ponemon Institute and sponsored and analyzed by IBM, which is based on data related to data breaches suffered by over 500 organizations between May 2020 and March 2021.

The study highlights the significant impact of the ongoing pandemic on the cost of data breaches and the effort to contain them. Remote operations during the pandemic have increased the surface of the attack and led to more expensive data breaches. Experts observed an increase of over $1 million for the breaches cost on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 vs. $3.89 million.).

The majority of the analyzed incidents involved compromised personally identifiable information (PII). The average cost per record was $180, and the overall average cost per record was $161, up from $146 in the previous year (+14.2% since the 2017).

The organizations suffered major costs (+10% compared to the previous year) and it was, even more, harder to contain such kinds of incidents.

“IBM (NYSE: IBM) Security today announced the results of a global study which found that data breaches now cost surveyed companies $4.24 million per incident on average – the highest cost in the 17-year history of the report. Based on in-depth analysis of real-world data breaches experienced by over 500 organizations, the study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year.” states IBM Security.

The average number of days spent by organizations to identify and contain an incident was 287, an increase of seven days compared to the previous year.

The “Cost of a Data Breach” report analyzes multiple factors to determine the cost of security breaches, including legal, technical activities, legal disputes, impact on the brand, and employee productivity.

The average cost of a data breach passed from $3.86 million to $4.24 million in the last 12 months. The report also shows that organizations that have a more mature security posture faced significantly lower costs.

“Data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in the history of this report. Costs were significantly lower for some of organizations with a more mature security posture, and higher for organizations that lagged in areas such as security AI and automation, zero trust and cloud security.” reads the study.

Most of the financial losses are caused by the loss of business which accounted for 38% of the total (roughly $1.6 million).

Healthcare organizations incurred the highest costs, $9.23 million on average per data breach, up from $7.13 million.

Ransomware and destructive attacks were costlier than other types of breaches. The report states Ransomware attacks cost an average of $4.62 million, more expensive than the average data breach ($4.24 million).

“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” said Chris McCurdy, Vice President and General Manager, IBM Security. “While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach – which may pay off in reducing the cost of these incidents further down the line.“

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cost of Data Breach)

[adrotate banner=”5″]

[adrotate banner=”13″]