Cost of the average U.S. data breach tops $8 million

Taking into account the full-spectrum costs associated with a data breach, the average breach costs U.S. companies $8.19 million, according to a new study from IBM and the Ponemon Institute.

The big picture: It's not cheap to be breached. But the same study shows that a little foresight can save a large chunk of damages.

Background The IBM study based its statistical models on a wide variety of direct and indirect costs, ranging from the price of remediating a breach and paying for customer credit protection to IT downtime and reputational damage.

By the numbers: The average cost in the U.S. was more than twice the global cost of a breach ($3.92 million).

• Small firms take proportionally much greater damage. Globally, a firm of 500-1000 employees lost $3500 per employee per breach. A firm of more than 25,000 lost only $204 per employee.
• The most expensive breaches were in the healthcare sector, where the average cost per record stolen is more than twice as high as in any other field.
• The costs take some time to materialize. Only 67% of the costs came in the first year — 22% came in year 2, and 11% in year 3 and beyond.

The other side: Companies with an incident response team and a well-tested plan in place saved $1.23 million during a breach.

• But a plan can be relative to the size of a business. “Small businesses think plans need to be something complex,” said Wendi Whitmore, global lead for IBM X-Force incident response and intelligence services. “But it can just be as simple as having a list of numbers to call."