The cost of a data breach to businesses has risen by 12 percent over the last five years and now stands at £3.1 million ($3.92 million) on average.
This is according to a new report commissioned by IBM’s security division, which highlights the long-tail financial impact of a data breach.
Meanwhile, inadvertent breaches from human error and “system glitches” (IBM does not define this) are behind 49 percent of the data breaches, typically costing companies $3.50 million and $3.24 million respectively.
The costs include regulatory and business penalties that organisations incur following a breach. In the EU the General Data Protection Regulation (GDPR) is beginning to sting, as recently experienced by British Airways (recently warned it faces a £183 million fine) and Marriott International (a £99.2 million fine).
IBM noted in its report that: “The longtail costs were higher in the second and third years for organizations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.”
Data Breach Costs to SMEs
The cost of a breach to SMEs is of particular concern, as the report highlights that companies with fewer than 500 employees still suffered losses of more than £2 million when they were required to deal with the consequences of a breach.
The report also found that the cost of breaches typically spreads out over a three-year period: on average 67 percent of breach costs were accrued in the first year, 22 percent in the second year, and 11 percent in the third year.
Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services, commented in a release that: “Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses.”
“With organizations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs.”
The report was sponsored by IBM Security and conducted by the Ponemon Institute. The institute conducted interviews with personnel at over 500 companies around the world that had suffered a breach in the past year.
An earlier report by security firm Digital Shadows shows that there are now 2.3 billion files exposed online, owing to the misconfiguration of commonly used file storage technologies. Nearly half of the files (1.071 billion) were exposed via the Server Message Block (SMB) protocol – a technology for sharing files first designed in 1983, the company said. Other misconfigured technologies include FTP services (20 percent), rsync (16 percent), and Network Attached Storage devices (3 percent).