The cost of a data breach for small and large corporations rose by double digits over the last five years to almost $4 million per breach.
IBM’s worldwide annual study of the financial impact suffered by data breach victims found that costs rose 12 percent over the last five years, with larger firms – those with more than 500 employees – losing $3.92 million, and smaller enterprises – those with fewer than 500 workers – suffering losses of $2.5 million.
IBM also looked at the long-term impact of a data breach, noting that while 67 percent of the financial damage is incurred during the first year, 22 percent is accrued in the second year and 11 percent in the third year after the breach.
However, U.S.-based data breach victims suffered a much higher loss rate: $8.2 million per event. Health care institutions also suffered a proportionally higher amount: $6.5 million per incident – about 60 percent higher than other specific industries.
It was also found that the more records exposed in a breach, the higher the cost to the entity involved. Breaches of more than 1 million records cost companies a projected $42 million, while those of 50 million records are projected to cost companies $388 million.
The study, which was conducted by the Ponemon Institute for IBM, found that data breaches caused by malicious activity cost $1 million more than those taking place due to accidents. Overall, it was noted, about 51 percent of data breaches were due to malicious activity – a 21 percent increase.
Ponemon also found a direct link between the time it took to discover a breach and the final price tag to the victim. The average lifecycle of a breach was 279 days, with companies taking 206 days to first identify a breach and an additional 73 days to contain the breach. However, those who could shrink this cycle down to fewer than 200 days spent about $1.2 million less in recovery.
The report listed several other factors that can help cut down on breach-related expenses:
- Having an incident response team in place and extensively testing incident response plans saves about $1.3 million per incident.
- Companies that fully deploy security automation technologies will see breach-related costs cut in half.
- Encryption of files will reduce costs by $360,000.
- Carefully vetting the security arrangements of third parties that handle company data, ensuring each has systems in place that align with their parent organizations, can save $370,000.