2 min

The cost of a data breach has risen by 12% over the past five years. This is the conclusion of an annual IBM Security study into the financial impact of data breaches on organisations.

A data breach now costs an average of 3.92 million dollars (3.5 million euros). This is due in part to stricter regulation, the multi-yearly financial impact of a leak, and the complex process of solving criminal attacks, according to IBM Security.

The report states that the financial consequences of a data breach can be considerable, especially for small and medium-sized enterprises. Companies with less than 500 employees had an average of $2.5 million in leakage costs. For a company that typically has $50 million or less in annual turnover, this can be a major problem.

On average, a data breach costs a company about 150 dollars (134 euros) per stolen or lost record.

Higher costs

Various data leaks can also entail higher costs than other variants. For example, leaks resulting from cyber-attacks cost companies on average one million dollars more than leaks that accidentally occurred.

According to the research, most of the leaks are still caused by such attacks. That was the case for more than 50 percent of the leaks that were investigated.

Logically, a large leak also involves higher costs. Leaks that include more than one million records are rare, but if they occur they cost companies expected 42 million dollars (37.5 million euros). Leaks with more than 50 million records cost companies according to the survey 388 million U.S. dollars (346 million euros).

Long term

IBM Security also looked at the consequences of a leak in the long term. This shows that the effects of a leak can be felt for years to come. 67 percent of the costs are in the first year after the leak, 22 percent follows in the second year. Another 11 percent of the costs only follow after the first two years after a leak.

In sectors where there is a lot of regulation – such as health care, financial services and the energy sector – the costs of a data leak were also higher in the second and third years.

Nevertheless, the costs can be reduced. The study shows that companies with an incident response team that has also tested its incident response plan well, on average cost 1.23 million dollars less in the event of a leak than companies that did not have one. In addition, encryption and automation technologies for security can reduce costs.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.