IBM has released its annual study investigating the hidden costs of data breaches.
It found that the 2018 global average cost per breach is $3.86 million, a 6.4% increase from last year’s report.
‘Mega’ breaches, classified as breaches losing 1 – 50 million records, typically hit companies with a loss of between $40 million and $350 million.
Some high profile mega breaches seemed to result in bills significantly below the lower bound of $40 million, however. For example, Ruby Corp (the parent company of Ashley Madison) paid just $11.2 million in the settlement following their data breach in 2015.
IBM suggests this may be because such companies limit their public reporting to the more direct costs associated with a mega breach, and do not factor in lost business or reputation damage.
Wendy Whitmore, the Global Lead for IBM’s Incident Response and Intelligence Services, said to Benzinga: “While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified.
“The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs.
“Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
IBM based their findings on a number of factors like technical investigations, legal activities and loss of business and reputation.
Read more here.