In context: Responsibility for keeping users' data safe ultimately falls on the companies entrusted to safeguard the information. As IBM highlights in its 2018 Cost of a Data Breach Study, the financial ramifications of failing to do so can be devastating.
Mega breaches – defined as data breaches involving more than one million records – are an increasingly common occurrence in today’s technologically advanced society. According to a global study recently published by IBM Security, the number of mega breaches has nearly doubled over the past five years, from nine in 2013 to 16 in 2017.
IBM’s 2018 Cost of a Data Breach Study reveals that the average cost of a small-scale breach involving 2,500 to 100,000 lost or stolen records is $3.86 million. Statistical modeling shows that a mega breach of one million records can cost nearly $40 million while a sizable breach of 50 million records could cost a company as much as $350 million.
There are many hidden expenses associated with large data breaches including loss of business, negative impact on reputation and employee time spent on recovery. A third of the cost of mega breaches were derived from lost business, IBM found.
On average, each lost or stolen record costs a company $148 although this figure can be influenced by several factors. For example, having an incident response team reduced the cost of each compromised record by $14 while employing an AI platform for cybersecurity trimmed costs by $8 per record.
Of the 11 mega breaches over the past two years that IBM studied, 10 were the result of criminal attacks versus, say, human error or a system glitch.
The study, based on interviews with nearly 500 companies that have experienced a data breach, also found that US companies have experienced the highest average cost of a data breach at $7.91 million followed by the Middle East at $5.31 million. Breaches were the least costly in Brazil where the total cost was just $1.24 million.