2018 Cost of Data Breach Study: An Overview

11 February, 2019

Every year, IBM Security Services sponsors a data breach study conducted by the Ponemon Institute. Despite growing awareness and heightened security measures employed by today’s enterprises, this year’s study reports, as it has year after year, that data breaches continue to grow, both in cost and in the number of consumer records being lost or stolen.

To compile this year’s report, Ponemon interviewed more than 2,200 IT, data protection, and compliance professionals from 477 companies that had experienced a data breach in the previous 12 months.

Here are some of the key findings:

  • Over the 12-month period the report examined, the average total cost of a data breach rose from $3.62M to $3.86M, an increase of 6.4 percent
  • The average cost for each lost record rose from $141 to $148, an increase of 4.8 percent
  • The average size of data breaches increased by 2.2 percent
  • The average global probability of a material breach in the next 24 months is 27.9 percent, an increase over last year’s reporting of 27.7 percent

As in past years, the study also reports on how quickly an organization can identify and contain data breach incidents in relationship to financial consequences:

  • The mean time to identify (MTTI) a breach was 197 days
  • The mean time to contain (MTTC) a breach after it was identified was 69 days
  • Companies that contained a breach in less than 30 days saved over $1M compared to those that took more than 30 days

For the first time this year, the study also looked at the influence of two new cost factors: security automation and the extensive use of Internet of Things (IoT) devices.

  • The average cost of a breach for organizations that fully deploy security automation is $2.88M
  • The average cost of a breach for organizations that do not deploy security automation is $4.43M, a net difference of $1.55M
  • The extensive use of IoT devices increased cost by $5 per compromised record

Also for the first time, the study isolated data breaches involving more than one million records, which it calls mega breaches.

  • A mega breach of 1 million records yields an average total cost of $40M
  • A mega breach of 50 million records yields an average total cost of $350M

Other salient findings from the research include:

  • Data breaches are the most costly in the United States and the Middle East and least costly in Brazil and India. The average total cost in the United States was $7.91M and $5.31M in the Middle East. The lowest average total cost was $1.24M in Brazil and $1.77M in India. The highest average per capita costs were $233 in the United States and $202 in Canada.
  • Notification costs are the highest in the United States. These costs include the creation of contact databases, determination of all regulatory requirements, engagement of outside experts, email bounce-backs and inbound communication setups. Notification costs for organizations in the United States were the highest at $740,000, whereas India had the lowest at $20,000.
  • Canada has the highest direct costs and the United States has the highest indirect costs. Direct costs refer to the expense outlay to accomplish a given activity such as engaging forensic experts, hiring a law firm, or offering victims identity protection services. Canada’s direct costs were $81 per compromised record. Indirect costs include employees’ time, effort, and other organizational resources spent notifying victims and investigating the incident, as well as loss of good will and customer churn. The United States’ indirect per capita cost was $152.
  • The faster a breach can be identified and contained, the lower the costs. For the fourth year in a row, the study reports on the relationship between how quickly an organization can identify and contain data breach incidents and the financial consequences. Companies that identified a breach in less than 100 days saved over $1M compared to companies that took more than 100 days. Similarly, companies that contained a breach in less than 30 days saved over $1M compared to those that took more than 30 days.
  • Hackers and criminal insiders are behind most data breaches. Forty-eight percent of all breaches in this year’s study were caused by malicious or criminal attacks. The average cost per record to resolve such an attack was $157. In contrast, system glitches cost $131 per record and human error or negligence cost $128 per record.
  • Incident response (IR) teams and the extensive use of encryption reduce costs. Organizations with incident response teams reduced costs by as much as $14 per compromised record. Similarly, the extensive use of encryption reduced costs by $13 per capita.
  • Third-party involvement in a breach and extensive cloud migration at the time of the breach increased costs. If a third party caused the data breach, the cost increased by more than $13 per compromised record, for an adjusted average cost of $161, up from $148 per record. Organizations undergoing a major cloud migration at the time of the breach saw a cost increase of $12 per capita.
  • The loss of customer trust has serious financial consequences. Organizations that lost less than one percent of their customers due to a data breach lost an average of $2.8M. Organizations that lost four percent or more of their customers lost an average of $6M.

An important takeaway from the Ponemon research is that many meaningful factors decrease or increase the per capita cost of a data breach. Factors that decrease cost include participation in threat sharing, employee training, BCM (business continuity management) involvement, cyber analytics, extensive use of encryption, and a well-functioning incident response team.

In contrast, factors that increase the cost of a data breach include third-party involvement, extensive cloud migration, compliance failure, and the extensive use of mobile platforms.

Be safe out there.

About the Author

Phillip Bandy is ShareVault’s chief information security officer (CISO) and is responsible for establishing security standards and controls, guiding the implementation of security technologies, and managing the establishment and implementation of security policies and procedures. He is an expert in computer incident response and has implemented computer security controls for NASA’s Mission Control.