An annual IBM security breach study released today (July 23, 2019) reveals that the cost of a data breach has risen 12% over the past five years and now averages $3.92 million. These rising expenses are representative of the multiyear financial impact of breaches, increased regulation and the complex process of resolving criminal attacks. “Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said IBM’s Wendi Whitmore.


The financial consequences of a data breach can be particularly acute for small businesses. The study revealed significant variation in total data breach costs by organizational size.


$204 | The per-employee breach-related costs for organizations with more than 25,000 employees
$3,533 | The per-employee breach-related costs for organizations with between 500 and 1,000 employees

Thus, smaller organizations have higher costs relative to their size than larger organizations, which can hamper their ability to recover financially from the incident.


“Companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs,” said Whitmore.


Some of the top findings from this year’s report include:

  • Malicious Breaches | Over 50% of data breaches in the study resulted from malicious cyber attacks and cost companies $1 million more on average than those originating from accidental causes.
  • U.S. Breaches Cost Double | The average cost of a breach in the U.S. is $8.19 million, more than double the worldwide average.
  • Healthcare Breaches Cost the Most | For the 9th year in a row, healthcare organizations had the highest cost of a breach – nearly $6.5 million on average (over 60% more than other industries in the study).

Lifecycle of a Breach

279 days | The average lifecycle of a breach
206 days | Days between the breach and the first identification of the breach by the company
73 days | Days it takes for the company to contain the breach

Healthcare organizations in the study had the highest costs associated with data breaches.

$6.5 million | The average per-organization cost of a breach in the healthcare industry was over 60% higher than the cross-industry average.

