Taking into account the full-spectrum costs associated with a data breach, the average breach costs U.S. companies $8.19 million, according to a new study from IBM and the Ponemon Institute.
The big picture: It's not cheap to be breached. But the same study shows that a little foresight can save a large chunk of damages.
Background The IBM study based its statistical models on a wide variety of direct and indirect costs, ranging from the price of remediating a breach and paying for customer credit protection to IT downtime and reputational damage.
By the numbers: The average cost in the U.S. was more than twice the global cost of a breach ($3.92 million).
- Small firms take proportionally much greater damage. Globally, a firm of 500-1000 employees lost $3500 per employee per breach. A firm of more than 25,000 lost only $204 per employee.
- The most expensive breaches were in the healthcare sector, where the average cost per record stolen is more than twice as high as in any other field.
- The costs take some time to materialize. Only 67% of the costs came in the first year — 22% came in year 2, and 11% in year 3 and beyond.
The other side: Companies with an incident response team and a well-tested plan in place saved $1.23 million during a breach.
- But a plan can be relative to the size of a business. “Small businesses think plans need to be something complex,” said Wendi Whitmore, global lead for IBM X-Force incident response and intelligence services. “But it can just be as simple as having a list of numbers to call."
