Security incidents and data breaches have become very expensive. Large companies like Desjardins Group and Norsk Hydro have reportedly spent millions in the wake of a data breach.
These are only a couple of the most extreme and high-profile cyberattacks. However, the financial effect of a data breach remains high even for small and medium companies.
A new report from IBM and the Ponemon Institute revealed that the average cost of a data breach in the year 2020 reached $3.6 million. It marked a 1.5% drop from the average cost reported back in 2019. However, it still represented a 10% increase over the past five years.
The costs include the direct and indirect expenses of the time and effort spent tackling a data breach, as well as regulatory fines and the opportunities lost to bad publicity. Although the average cost may have been relatively unchanged, it's still a fact that the costs are larger for companies that are not prepared and smaller for those that are.
The Rising Cost of Data Breach For Unprepared Companies
Organizations in the United States take on the highest costs, at an average of $8.19 million per data breach, which represents a 5.3% increase from 2019. The rise is driven by a complicated regulatory setting that differs from one state to another, especially when it comes to cyberattack notification. In the United Kingdom, the figure has increased by more than 4% to about $3.9 million, which is a bit higher than the average cost across the world after many years.
The average cost of every record lost has dipped slightly, from $150 in 2019 to $146. The costliest type of information to lose is customer PII, which was involved in about 80% of the data breaches in the study. The cheapest information to lose is employee PII, which is the least likely type of data to be lost during a cyberattack.
Almost 40% of the average total cost of a cybersecurity breach is attributed to lost business. This includes lost revenue because of system downtime, increased customer turnover, and the rising expense of getting new business because of bad publicity. If you want to cut the costs, you need to prepare your business, and that includes having a data backup and disaster recovery plan.
Slow Breach Response Can Also Increase The Costs
As the saying goes, time is money. This applies to data breaches, too. If you're too slow to detect and contain a data breach, it could be disastrous for your company. It takes a total of 280 days to identify and contain a data breach. Responding to data breaches quickly can help you save money. Studies revealed that companies that can identify and contain a cybersecurity breach in less than 200 days spent on average $1.1 million less.
To keep the cost of a data breach down, you need proper visibility into your environment, and you need tested, robust offline backups and a data recovery plan.