View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

Data Breaches Now Cost Businesses £3.1 Million on Average: Human Error Remains Main Culprit

"Companies need to be aware of the full financial impact"

By CBR Staff Writer

The cost of a data breach to businesses has risen by 12 percent over the last five years and now stands £3.1 million ($3.92 million) on average.

This is according to a new report commissioned by IBM’s security division, which highlights the long tail financial impact of a data breach.

Inadvertent breaches from human error and “system glitches” (IBM does not define this) are behind 49 percent of the data breaches, meanwhile; typically costing companies $3.50 million and $3.24 million respectively.

Read this:  Colossal 2.3 Billion Files Now Exposed Online

The costs include regulatory and business penalties that organisation incur following a breach. In the EU the General Data Protection Regulation (GDPR) is beginning to sting, as recently experienced by British Airways (recently warned it faces a £183 million fine) and Marriott International (a £99.2 million fine).

IBM noted in its report that: “The longtail costs were higher in the second and third years for organizations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.”

Data Breach Costs

Data Breach Costs to SMEs

The cost of a breach to SMEs is of particular concern, as the report highlights that companies with less than 500 employees still suffered losses of more than £2 million when they were required to deal with the consequences of a breach.

The report also found that the cost of breaches typically spreads out over a three-year period: on average 67 percent of breach cost were accrued in the first year, 22 percent in the second year, 11 percent in the third year.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services commented in a release that: “Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses.”

“With organizations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs.”

The report was sponsored by IBM Security and conducted by the Ponemon Institute. That insider conducted interviews with personnel at over 500 companies around the world that had suffered a breach in the past year.

An earlier report by security firm Digital Shadows shows that there are now 2.3 billion files exposed online, owing to the misconfiguration of commonly used file storage technologies. Nearly half of the files (1.071 billion) were exposed via the Server Message Block (SMB) protocol – a technology for sharing files first designed in 1983, the company said. Other misconfigured technologies including FTP services (20 percent), rsync (16 percent), and Network Attached Storage devices (3 percent).

See Also: Home Office Still ‘Not Got A Grip’ of Emergency Services Network, Despite 3 Year Extension

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.