Companies Spend $3.8M on Average Per Data Breach – IBM Report


A report by IBM Security revealed that data breaches cost companies a whopping $3.86 million per incident, with the healthcare industry spending the most on such issues. The study is an analysis of incidents that happened to more than 500 enterprises across the globe.

According to the 2020 Cost of a Data Breach report, companies based in the United States spent the most in addressing such matters. It spent a whopping $8.64 million toward identifying and containing security issues, which takes 289 days on average.


Out of the incidents in the companies observed by IBM, around 80% of them led to the unintended exposure of clients’ personally identifiable information (PII). In fact, this type of information was the most expensive to address, which costs $175 per record.

Companies Spend Millions on Average Data Breach

The study was performed by Ponemon Institute and sponsored by IBM Security covering information gathered through interviews of 3,200 security professionals in companies that experience breaches over in the past year.


The Pandemic Effect

The study also revealed that individuals who have been working from home due to the pandemic did not receive adequate training in handling PII. In fact, more than half of the employees who were part of the survey did not receive new guidelines in doing so.

IBM noted that the work from home setup during the pandemic imposes “changing risk models associated with this shift.”

Aside from the current public health issue, the research revealed that compromised employee credentials are the costliest root of these security events. Third-party vulnerabilities are the second most expensive cause.

Meanwhile, the expenses caused by mega-breaches or those involving more than 50 million records increased from $388 million in 2019 to $392 million this year. Those involving 40 to 50 million records also cost more compared to last year.

While enterprises face serious threats, the most damaging ones were those involving nation-states. State-sponsored attacks were more expensive than financially driven ones by criminals and hacktivists.

On a positive note, the study found that the use of smart technology can minimize the cost of data breaches. This includes tech solutions such as artificial intelligence, analytics, and automated risk identification and responses.

The implementation of such smart solutions can cut costs by almost half. Companies that do not have automated tools spent an average of $6.03 million while those deployed them spent only $2.45 million.