
Two words spike fear inside of every business leader: data breach. And, rightfully so. According to an article by Larry Ponemon: “You’re more likely to experience a data breach of at least 10,000 records (27.9 percent) than you are to catch the flu this winter (5-20 percent, according to WebMD).” Now, that’s eye opening.
Each year, IBM Security and Larry’s team at the Ponemon Institute run a global study to determine what the average data breach costs an organization. They interviewed more than 2,200 IT and security professionals from 477 companies that were breached in the past 12 months.
Here is the breakdown of overall costs by breach size:
- Less than 10,000 records – $2.1 million
- 10,000 to 25,000 records – $3.0 million
- 25,001 to 50,000 records – $4.4 million
- Greater than 50,000 records – $5.7 million
- Mega breaches of 1 million records – $40 million
- Mega breaches of 50 million records – $350.44 million

Data Breach Cost Factors
There are 22 factors impacting the cost of a data breach, ranging from lost business (customer attrition), to notification costs, organizing an incident response team, training employees on information security, cost per record lost, and much more.
Malicious or criminal attacks accounted for the majority (52 percent) of data breaches. These criminally-motivated types of data breaches are significantly more expensive than any other. This is because the intent behind the attack is usually to tarnish brands or use peoples’ Personally Identifiable Information (PII) for financial gain, and they can also be more difficult to detect.
Of the 15 countries who participated in the study, the U.S. was the hardest hit, at an average cost of $7.91 million per data breach. That’s over $3 million more than Canada, where data breaches cost the second most. It’s alarming that not only was last year a record year for data breaches, but the average cost per breach also spiked nearly 8%.
Reducing the Fall Out from a Data Breach
The numbers in this study are frightening. No organization can completely protect itself from a data breach, but by implementing proactive cybersecurity, insurance, and contingency plans, the impact can be significantly reduced.
One of the first things that is negatively affected in a data breach is a brand’s reputation. What’s not often talked about is how the reputation of its customers and employees are also on the line. Identity theft is one of the most common consequences of data breaches, as 31.7 percent of breach victims experience ID theft. And, effects of identity theft linger long after a breach is contained.
If you’ve been keeping up with breach news, you’ll see that many organizations who are compromised immediately start offering identity theft protection. Don’t wait until it’s too late and the costs of recovery are crippling to your business. Get started by offering your employees the best ID theft protection today. Request a free trial.
Data Breach Resource Library
- 8 Tips for 2018 Breach Victims [infographic]
- 7 Tips for Protecting Your Identity [printable tip sheet]
- Protecting Your Employees in the Aftermath of Equifax [webinar replay]
- Data Breach Alert: Protecting Your Employees from Identity Theft [blog]
- The Impact of Today’s Data Breaches on Your Organization & Employees [whitepaper]