The average cost of a data breach is now $3.92m, according to analysis by IBM Security, the cybersecurity arm of the technology giant.
This represents a 12% increase over the past five years, reflecting the introduction of tougher legislation such as GDPR and the growing complexity of resolving criminal cyberattacks.
Malicious breaches were the most common cause of a data breach, with just over half (51%) the direct result of cyberattackers. Such breaches were also the most expensive: at an average of $4.45m they cost $1m more than an accidental breach, such as human error or a software glitch.
“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services.
“With organisations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs.”
An average of 67% of the costs of a data breach was resolved in the year following the breach. However, 22% spilt over into the second year, while 11% carried over to the third year.
Cost of a data breach: US leads the way
The US leads the way as the most expensive place for a data breach, costing companies an average of $8.19m – more than double the global average.
Meanwhile, the average data breach cost in the UK is £2.99m ($3.71m), a 10.56% increase from the previous year.
Despite the introduction of tougher legislation and a brighter spotlight on data breaches, the time taken to identify a breach increased compared to the previous year, from 163 to 171 days. The mean time to contain a breach also increased, from 64 to 72 days.
Data breaches are getting bigger too, with the average size increasing 3.6% in this year’s study. And the more data stolen, the bigger the costs: the average cost per record lost or stolen in a data breach is now around $150.
So-called mega breaches – those where more than a million records are lost – come with the biggest costs. Such breaches cost a projected $42m in losses.
Data breaches where more than 50 million records are lost cost companies an average of $388m.
The research was sponsored by IBM Security and conducted by the Ponemon Institute, which has monitored the cost of a data breach for the past 14 years. The report, titled The 2019 Cost of a Data Breach, looked at data breach costs reported by 507 organisations across 16 geographies and 17 industries.
For the ninth consecutive year healthcare organisations continued to be the costliest sector to experience a data breach. The average cost of a breach in the sector was nearly $6.5m, more than 60% higher than the cross-industry average.
Unsurprisingly, companies with an incident response team that regularly practised their response to a data breach experienced $1.23m less in data breach costs on average, compared to those without such measures in place.
The study also found that data breaches resulting from a third-party partner were more costly, while smaller businesses with fewer than 500 employees were stung with an average data breach cost of $2.5m.