What Do You Mean the Average Breach Costs $4 Million?

Breaking Down the IBM Cost of a Data Breach Report

Newly released research by IBM shows that for the average business, the cost of a cyber breach will amount to $3.82 million. We all know the cost of a cyber breach has been steadily increasing along with the volume and scale of successful attacks, but the cost seems astronomically high. Questions like “How can a breach possibly cost that much?” and “Who is this average organization they’re talking about?” arise. To better understand how this affects us, let’s break the report down.

While I would love to say that the $3.82M value factors in a number of optional costs, producing an inflated number that makes good headlines, that’s not the case. The average cost of a breach outlined in the new study takes into account the cost of regulatory fines, fees for third-party cyber forensics firms, legal costs, security upgrades, and potential compensation payments. Most of these costs are far from optional and account for the essential baseline any organization would need to expend as part of an effective cleanup after a breach occurs.

Hearing that a breach is going to cost you nearly $4M may bring to mind images of a waiter bringing your table an unexpectedly high bill with payment due immediately, but don’t worry, that’s not quite the case. These costs are calculated by considering the financial impact that breaches have on the organization over a number of years. The costs associated with the price tag are distributed, with only 67% occurring in the first 12 months following the breach, 22% in the second year, and 11% occurring sometime beyond the first 24 months following the initial breach. So, within a year of a breach, the average organization can expect to pay $2,626,400. That number isn’t quite as frightening, but $2.6M is still no small number.

Ok, so whom are they considering the average organization? According to IBM, the average organization is defined as a business having over 500 employees. If you don’t have that many employees, you probably think this report doesn’t apply to you and you are in the clear. Sorry, I have some more numbers for you. For organizations with fewer than 500 employees, the average breach will cost you $2.5M total. Applying the same math as we did for larger organizations means that in the first year following a breach, you can expect to pay $1,675,000. For many businesses, costs this high over a one-year period would be a death sentence.

Over the past five years, this average cost of a breach has risen by 12%, begging the question: how many businesses could survive such an attack? Whether your price tag for the first year after a breach is $2.6M or $1.6M, the cost to remediate a breach may be more than your organization is prepared or willing to handle. Based on these numbers, it might be a good time to check out cybersecurity insurance and reevaluate how your security architecture is set up. If it isn’t preventing the attacks from reaching your system, you might be needing that insurance policy sooner than you think.

Kim Thomson

Manager - Product Marketing