Cost of a data breach DROPS 10%, according to IBM report

The UK saw significant decreases compared to the four-year average costs, with the cost of a data breach averaging £2.5 million.

By Ellie Burns

Yahoo, OneLogin, DocuSign, Wonga – there is no shortage of high-profile data breaches, with the rhetoric surrounding these incidents decrying lax security measures and forewarning of hefty costs, fines and damage to brand. However, in findings which seemingly go against the cyber security grain of late, IBM has found that the average cost of a data breach has declined a significant 10%.

According to IBM Security’s global study, the average cost of a data breach is $3.62 million globally, a 10% decline from 2016 results. This is the first time since the global study was created that there has been an overall decrease in the cost. These data breaches cost companies $141 per lost or stolen record on average.

The study, conducted by Ponemon Institute, indicates that there is a strong correlation between regulation and the overall cost of a data breach. European countries, which operate in a more centralised regulatory environment, saw a 26% decrease in the total cost of a data breach over last year’s study. The US, where regulation differs per state, saw data breach costs actually rise 5%.

The top five reasons why the US saw a rise in data breach costs included “compliance failures” and “rushing to notify”. A comparison of these factors suggests that regulatory activities in the U.S. could cost businesses more per record when compared to Europe.

For example, compliance failures cost U.S. businesses 48% more than European companies, while rushing to notify cost U.S. businesses 50% more than European companies. U.S. companies also reported paying over $690,000 on average for notification costs related to a breach – which is more than double the amount of any other country surveyed in the report.

These regulatory findings come at an apt time when the GDPR deadline is coming ever nearer. With just under a year to go, further regulatory compliance could result in further declines in data breach costs.

“New regulatory requirements like GDPR in Europe pose a challenge and an opportunity for businesses seeking to better manage their response to data breaches,” said Wendi Whitmore, Global Lead, IBM X-Force Incident Response & Intelligence Services (IRIS).

“Quickly identifying what has happened, what the attacker has access to, and how to contain and remove their access is more important than ever. With that in mind, having a comprehensive incident response plan in place is critical, so when an organization experiences an incident, they can respond quickly and effectively.”

For a third year in a row, the report revealed the benefits of having an Incident Response (IR) team in place. An IR team was found to significantly reduce the cost of a data breach, saving more than $19 per lost or stolen record.

A big part of why an IR team can reduce data breach costs is down to speed – the cost of a data breach was nearly $1 million lower on average for organisations that were able to contain a data breach in less than thirty days compared to those that took longer than 30 days.

Speed of response will be increasingly critical as GDPR is implemented in May 2018, which will require organizations doing business in Europe to report data breaches within 72 hours or risk facing fines of up to four percent of their global annual turnover.

“The survey results make it clear that the time taken to contain a breach has a direct bearing on the cost. Threat triage, investigation and containment are processes carried out by people that need technology to support their efforts. The technology needs to allow our people to get true visibility into what is going on, rather than simply providing huge amounts of data that has to be manually trawled through,” said Darren Anstee, Chief Technology Officer at Arbor Networks.

Other factors found to reduce the cost of a data breach included encryption and education, with extensive use of encryption reducing data breach costs by $19 per lost or stolen record. Education, meanwhile, reduced the cost of a data breach by $12.50 per lost or stolen record.

Looking at the other side of the fence, the top factor increasing the cost of a data breach was the involvement of third parties. The report found that third parties increased the cost of a data breach by $17 per record.
