What's the cost of a data breach?

Key figures

At the level of an individual company, IBM's yearly "Cost of a Data Breach" report indicates that the total cost of a data breach is $3.86M (€3.18M) on average. The total cost is not limited to direct costs. The following four cost centers also need to be taken into account:

  • Detection and escalation (investigation, audit, crisis management & internal communications)
  • Lost business (downtime cost, loss of customers & reputation damage)
  • Notification of data subjects (external communications, regulatory requirements, costs related to external experts)
  • Post breach activities (fines, help desk costs & legal expenditure)

Other key findings:

  • Healthcare has the highest industry average cost of $7.13M
  • Geographically, data breaches cost the most in the USA, with an average of $8.64M
  • The average time to identify and contain a breach is 280 days
  • The root causes of data breaches are human errors (23%), system glitches (25%) and malicious attacks (52%)
  • The majority of malicious breaches are caused by compromised credentials, cloud misconfiguration, a third-party software vulnerability, phishing or a physical security compromise

Data breach protection must include physical security

To counter these attacks, investments in cyber security companies have increased ninefold since 2011 according to Crunchbase, whereas the majority of physical security systems still date back to the 20th century. Investments in physical and digital security must go hand in hand. Traditional security systems offer no certainties. Badges, for example, can easily be passed on, hacked or stolen. This can cost companies as much money as a digital attack, or even more.

Examples of physical security breaches can include:

  • Unauthorized access to the server rooms
  • Office theft or damage
  • Installation of bugging hardware in critical infrastructure
“Already 10% of malicious breaches are caused by a physical security compromise” - IBM

In 2020, a data security breach cost a company $3.86M (€3.18M) on average

Tips for preventing data breaches

  1. Educate and train employees by offering data security workshops
  2. Organize penetration tests for critical applications
  3. Use different passwords, locking systems and multifactor authentication for each individual server
  4. Make use of high-grade encryption for sensitive data
  5. Explore the possibility of a biometric access layer in physical security flows
  6. Keep all software and hardware up to date, including physical access systems
  7. Create a software architecture map for a complete overview of application dependencies