The report, which draws on interviews with over 500 companies, found that the average cost of a data breach is $3.86 million, a 6.4% increase on last year’s figure.
For the 42 UK companies that participated, the average figure for data breaches increased by 8%.
In terms of the average cost of data breaches in other regions, the United States proved the costliest at $7.91 million, while Brazil had the lowest figure at $1.24 million.
However, the average cost of “mega breaches”, which involve anywhere between 1 million and 50 million confidential records being lost, came somewhere between $40 million and $350 million.
“While highly publicised data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS), explained.
“The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs.”
“Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
2018 marked the first year in which the report classified mega breaches using this range of lost records.
Up to 2017, mega breaches were considered to be anywhere between 2,500 and 100,000 records, the lower range simply coming down to their lower frequency in the past.
Furthermore, the figure calculated for the average cost of a single piece of lost or stolen confidential information was $148, which is up 4.8% from last year’s report.
Chairman and founder of the Ponemon Institute, Dr. Larry Ponemon, said: “The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach.”
“While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.”
What can be done?
If companies are to crack down on confidential pieces of information being lost or stolen by cyber criminals and stop the rot that is the rise in data breaches, CTOs and CIOs need to ensure that their entire company knows the risks and how to lower them, ideally by training employees as opposed to leaving this solely to IT and security departments.
Another recent study by Ponemon and Juniper Networks found that only 35% of participating representatives reported having adequate staff for dealing with cyber threats, one of many aspects of the study that led Director of Security Portfolio Marketing at Juniper Networks, Amy James, to implore technology bosses to “level the playing field”.
Perhaps businesses could follow the lead of law firm Gowling WLG and introduce a cyber education scheme that offers rewards?
Whatever CTOs and CIOs decide, it is clear from the growing number of data breaches, especially mega breaches, that companies will need to be more vigilant than ever in dealing with cyber threats.