2 min

The average cost of a data breach is now estimated to be over $4 million, a new record reached during the COVID-19 pandemic. On Wednesday, IBM Security released its annual ‘Cost of a Data Breach report, with estimates from 2021 that show that the typical data breach now costs about $4.24 million per incident.

The expenses are getting higher (by about 10%) than in 2020 in cases where 1,000-100,000 records are involved.


The mega breaches hitting the top enterprise firms responsible for the exposure of between 50-65 million records have a higher price tag, requiring an average of $401 million to resolve.

The analysis

After looking at data breaches reported by over 500 organizations and a survey from the Ponemon Institute, IBM says that the drastic operational shifts felt by the enterprises due to the pandemic, quarantine orders, and a need to take things remote quickly resulted in higher costs and difficulties maintaining security.

Containing incidents also became difficult.

IBM estimates that about 60% of organizations moved to the cloud to keep their businesses going, but security measures weren’t scaled up to fit the new environment and increased threats.

More breaches, more money

When work from home was reported, there was an increase of up to $1 million more when a data breach occurred, with some rates going as high as $496 million, in comparison to pre-pandemic figures that stood at around $3.89 million.

The most common attack vector for enterprises undergoing a breach was compromised credentials, taken from dumps online, sold to criminals, or obtained by brute-force attacks. Once a network was breached, customer Personally Identifiable Information (PII) including addresses and names, were stolen in close to 50% of the cases.

In 2021, it has taken an average of 287 days to detect and contain a data breach, 7 days longer than in the previous year. More will have to be done if these stats are to change.