A recent global study by IBM suggests that the average cost to a breached company is now $3.86 million USD, with mega-breaches costing as much as $40-350 million. This is an increase of 6.4% from 2017. The high cost is not just because of the obvious damage to systems and loss of information but are due to more subtle reasons. The damaged reputation will lose current customers and deter future ones—over one third of revenue is lost due to mega-breaches. Also, resources spent on damage control, retraining, and education can also increase the costs. The study compared 500 companies with under 100,000 records who had suffered a data breach. The average time to discover the breach was 197 days, and it took an average of 69 additional days to contain it. It took an average of 365 days to identify and contain mega-data breach of 11 companies in the study. Speed was of the essence, as the study found that those companies who could mitigate the damage in under one month’s time could save $1 million. The amount of records compromised has an effect on the cost of the breach, with an average of $148 each, but this cost can be reduced by having incident response teams and automated systems in place. “Organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach,” IBM said.
