Data Breach Cost Up $4 million per Incident, Says IBM Report

Small and large companies incur cost worth nearly $4 million per data breach, a new study showed.

The Cost of a Data Breach Report was sponsored by IBM Security and conducted by the Ponemon Institute. It was based on extensive interviews with more than 500 global companies that suffered a breach in 2018.

According to the study, the cost per breach has surged 12% over the past five years. The increasing expenses show the financial impact of breaches. The study also attributed enhanced regulation as well as the complicated process of resolving cyberattacks for the growing costs.

The study also found that over 50% of data breaches resulted from malicious cyberattacks. These attacks by cybercriminals cost companies $1 million more than those whose data was leaked from accidental causes.

Malicious data breaches cost firms covered by the study $4.45 million on average. The report stressed that this kind of breaches is a growing threat for many businesses.  From 42%, the percentage of malicious attacks that caused data breaches climbed to 51% over the past six years.

Inadvertent breaches due to human error and system glitches resulted in 49% of the data breaches, the report wrote. Breaches caused by human error cost firms $3.50 million while those from system glitches cost $3.24 million.

The study said the breaches from human and machine error could be addressed through security awareness training to staff. Firms can also minimize security risks by investing in more advanced technologies and testing services to identify accidental breaches.

Data Breach Cost Up  million per Incident, Says IBM Report

The IBM report also found large-scale breaches result in substantial losses. Breaches affecting over 1 million records, while less common, cost firms around $42 million in damages. Companies that have leaked at least 50 million records cost companies an estimated $388 million on average.

In general, companies that were prepared for the attacks had incurred lower costs.  Firms with a fully functioning incident response team experienced $1.23 million lower breach costs than those that don’t have.

At nearly $6.5 million on average, medical organizations incurred the highest breach cost for nine consecutive years. This figure is more than 60% higher than other industries covered by the study.

The average cost of a breach in the U.S. cost $8.19 million, which is more than double the global average.

Cloud Security Issues

The study also highlighted the misconfiguration of cloud servers as a significant security threat. This human error contributed to the exposure of about 990 million records in 2018. These incidents accounted for 43% of all lost records for the year, the IBM X-Force Threat Intelligence Index showed.

A report by Skybox Security found that the incidence of security flaws in cloud container software has increased significantly. It surged by 46% in the first half of 2019 compared to the same period in 2018.