IBM has released its latest cost of a data breach report, detailing exactly how much a data breach will cost to fix if it hits your organisation.
Each year, tech giant IBM releases an updated version of its Cost of a Data Breach report which maps out just how much a data breach can cost organisations to fix, as well as providing a detailed portrait of where both threats and opportunities reside in the information security landscape.
The data has been compiled by the Ponemon Institute with responses from 3,200 security experts and consultants across 500 organisations around the world, making it by far the most in-depth analysis of the information security landscape.
How much does a data breach cost?
According to the report, a data breach will cost any given organisation around USD $3.86 million – AUD $5.3 million – to safely return to its operations. On top of this, the report states that 80% of these data breaches resulted in customer data being accessed by an unauthorised third party, which can leave organisations liable to further punitive measures from regulators.
On average, it takes 280 days to identify a data breach, according to the report. Authors state that there is up to $1 million in savings if a data breach can be detected in less than 200 days.
The report states that, specific to 2020, the COVID-19 pandemic has also impacted the cost of a data breach, as workforces are beginning to work remotely, which can present opportunities for third parties to take advantage. The added cost is said to be around $137,000 extra per breach, with 76% of respondents saying remote working will increase the time taken to identify a data breach, and an additional 70% saying it will increase the cost of a data breach in their organisation.
What was the most expensive cause of a data breach?
The report shows that business email compromise (BEC) attacks were one of the most expensive causes of a data breach, due to the resource-intensive nature of the clean-up and remediation process after a data breach. The report states that 20% of data breaches were the result of an unauthorised third party gaining access to an employee’s login details. In addition to this, misconfigured networks were a costly addition to damage costs, amounting to an average of USD $500,000 per incident.
State-sponsored attacks on major organisations and critical infrastructure accounted for just 13% of the breaches analysed, but were by far the most costly data breaches to remedy, with a damage bill on average of USD $4.43 million.
Organisations With an Information Security Management System or Similar were Millions Better-Off.
Authors of the report made it clear that organisations that were proactive and prepared when it came to cyber risks were spared millions of dollars in further damages in the aftermath of a data breach. On average, costs associated with a data breach for organisations with neither an incident response plan nor a dedicated team are said to be $5.2 million, compared to just $2 million for organisations with an information security plan and specialist team.
“When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies,” Wendi Whitmore, Vice President of IBM’s X-Force Threat Intelligence, said.
“At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data. Security automation can help resolve this burden, not only supporting a faster breach response but a more cost-efficient one as well.”