What is the Cost of a Data Breach?


It is critical for small business owners to protect confidential data proactively because the average cost of a data breach is huge. In a worst-case scenario, a data breach incident can even force a business to close. In this post, you will learn what a data breach costs and what you can do to cut down that cost.

Let’s explore:

Where do the Data Breach Reports Come From?

Some companies prepare data breach reports each year to help understand various aspects of data breach incidents.

Here are the top three reputed resources for data breach reports:

  • IBM The Cost of Data Breach Report

Sponsored by IBM Security, The Cost of Data Breach Report features research independently done by Ponemon Institute annually. In this report, the institute studies companies impacted by data breaches worldwide.

  • Verizon Data Breach Investigations Report

Each year, Verizon Data Breach Investigations Report explains data-driven, real-world views on what commonly befalls companies with regard to cybercrime. This data breach study offers many actionable insights to beef up your cybersecurity.

  • ForgeRock Consumer Identity Breach Report

If you want to look at how data breaches affect consumers across various reasons and industries, ForgeRock Consumer Identity Breach Report is the right resource. The report also offers insights into how one can strengthen cybersecurity to stay protected from attacks.

Data Breach Costs Key U.S. Findings

Data breaches often have long-term impacts on businesses. In addition to the cost of loss of data and regulatory fines, data breaches also have indirect costs, including employee turnover, lost revenue, customer turnover, negative search results, etc.

The following are key findings pertinent to data breach cost:

1. This is the average cost of data breaches.

The average global cost of a data breach reached $4.35 million in 2022, according to the data breach report from IBM. This is an all-time high, up by 2.6% from the last year.

If you are curious about the average total cost of a breach in the US, the answer is $9.44 million. The average cost of a breach in the US is the highest globally.

2. These are the most costly types of data breaches.

Do you want to know the average cost of a data breach by industry? Look at the following data from the IBM report:

  • Health care industry ($10.10 million)
  • Financial industry ($5.97 million)
  • Pharmaceuticals ($5.01 million)
  • Technology ($4.97 million)

The healthcare industry has the highest data breach costs, and the public sector has the lowest costs.

3. “Smishing” is one of the biggest emerging data breach threats

Smishing, a type of phishing that relies on text messages to induce users to reveal sensitive data, is emerging as one of the most significant data breach threats.

A Proofpoint report states that smishing attacks doubled among US users in 2021. And data from the Federal Trade Commission (FTC) revealed that 378,119 SMS-related fraud reports were filed in 2021.

Double-checking messages that create a sense of urgency or fear, avoiding clicking suspicious links, and contacting banks and other authorities directly for account-related issues are some effective ways to protect against smishing attacks.

4. These industries are the main data breach victims.

Here are industries that are the main data breach victims, according to the Verizon Data Breach Investigations Report:

  • Finance
  • Professional
  • Healthcare industry
  • Public administration

5. Why paying the ransom isn’t always a good idea.

After threat actors have encrypted data in a ransomware attack, business owners often consider paying the ransom. In fact, 53% of companies opt to pay the ransom. However, paying money isn’t always a good option. This is because paying threat actors encourages them to target more businesses. And there is no guarantee that you will get full access to your data after the payment.

Uber paid hackers $100,000 to delete the compromised data but eventually spent $148 million in the final settlement.

6. These top factors contributed the most to data breach costs.

The longer a breach goes undetected, the more time threat actors will have to exfiltrate/encrypt data. So it is no surprise that a shorter data breach lifecycle (time passed between the first detection of the breach and its containment) is linked with lower data breach costs.

A data breach lifecycle within 200 days was linked with a global average cost of $3.74 million in 2022. But a data breach lifecycle of more than 200 days was linked with an average cost of $4.86 million.

7. This is the cost of a data breach per record.

The average cost of a data breach per record is $164 globally, according to the IBM data breach report. The average per-record cost has increased by 1.2% from 2021.

8. Remote work is more susceptible to data breaches.

Having remote workforces increases the costs of data breaches. According to the IBM data breach report, companies having more than 80% remote workforces pay $5.10 million in average data breach costs.

9. This is the average breach lifecycle duration.

According to the IBM report, the average data breach lifecycle duration was 277 days in 2022. In 2021, it took an average of 212 days to identify a breach and 75 days to contain it, making an average data breach lifecycle duration of 287 days. The longer the data breach lifecycle is, the higher the data breach costs will be.



10. Small businesses are heavily impacted when a data breach occurs.

When it comes to data breaches, small businesses are heavily impacted. In fact, 28% of data breaches in 2020 involved small businesses, according to the 2020 DBIR. A data breach incident can also result in an increased cost of products/services. The IBM report states that 60% of organizations’ breaches cause an increase in prices.


11. Want to cut down on the cost of a data breach? Do this.

Implementing security AI and automation, having an incident response team, focusing on risks, and adopting a zero-trust model can cut down on the cost of a data breach.

Here are findings from the IBM report on data breach cost to prove it:

  • Fully deployed security AI and automation reduced average data breach cost by 65%
  • Organizations with incident response capabilities were able to reduce the overall cost of a data breach by 58%
  • Companies focusing on risks, threats, and impacts based on risk qualification techniques experienced a 48% lower average data breach cost
  • Companies that deployed the zero-trust model paid 20% less than the average data breach cost


Now that you know what a data breach costs, it is time to strengthen your data security to protect customer data and any other kinds of sensitive data from a potential data breach.




Sandeep Babu is a cybersecurity writer. He writes about malware, data security, privacy, and other cybersecurity topics for SBT and other reputed platforms.