What is the cost of a data breach?

What is the cost of an incident that affects corporate data? Which threats are the most expensive? Learn that and more from our latest research.

The more deeply new technologies infiltrate business processes, the more important data protection becomes. Nowadays, a single successful cyberattack can cost a company a significant portion of its income. Our new research found that the average enterprise data breach has passed the $1 million mark.

We questioned more than 6,000 employees of various companies from all over the world, from small businesses to huge corporations, and learned that regardless of company size, data breach costs have risen significantly over the past two years. For enterprises, the average cost of one incident from March 2017 to February 2018 reached $1.23 million. That is 24% higher than losses from 2016–2017, and 38% higher than losses from 2015–2016. As for small and medium businesses, they lose $120,000 per cyberincident on average — $32,000 more than a year ago.

Price of the breach

In the event of a cyberincident, businesses of all sizes spend the most on the emergency improvement of infrastructure and software. For enterprises, the cost of this work has increased one-and-a-half times since last year, now averaging $193,000. Reputational damages that hurt credit ratings and cause insurance premium growth come in second, averaging $180,000. Huge amounts of money are also consumed by belated security-awareness training ($137,000 on average).

Obviously, a desire to prevent reoccurrence, as well as time pressure, contribute to modernization and security training holding those top spots. However, it is quite possible that last year’s major wiper malware outbreaks (WannaCry and ExPetr) contributed as well.

As for small and midsize businesses, the financial rankings look similar, although three elements share the top spots, costing almost $15,000 each per incident. Small companies also have to pay for emergency infrastructure improvements, and they also suffer from reputational losses. They spend much less for training (because of their smaller size), but they have to draw on the resources of external professionals for recovery or forensics.

Tips