The release of the 2020 Cost of a Data Breach Report brings fresh insight into the financial impact on businesses from security incidents.
The Ponemon Institute’s annual Cost of a Data Breach Report covers 524 breached organisations across 17 countries and 17 industries, with 3200 individuals interviewed. According to the report, an organisation spends a global average of $3.86 million (roughly £2.9 million) recovering from a data breach.
Of the industries that were surveyed, healthcare had the highest average total cost. The average time to identify and contain a breach was 280 days.
At 52%, cyber attacks are noted as the primary cause of a data breach, with malware being the costliest form of an attack. On average, organisations spend $4.52 million (roughly £3.4 million) responding to these cyber incidents.
Key Report Findings
- The average cost of a data breach declined from $3.92 million in 2019 to $3.86 million in 2020, which Ponemon’s researchers credit to organisations improving their cyber security posture and cyber incident response capabilities.
- 80% of breached organisations stated that customers’ personally identifiable information (PII) was the most frequently compromised type of record and the costliest.
- Remote working during COVID-19 was expected to increase data breach costs and incident response times. Of the organisations that required remote work, 70% said it would increase the cost of a data breach and 76% said it would increase the time to identify and contain a potential data breach.
- Stolen or compromised credentials were the most expensive cause of malicious data breaches. One in five companies (19%) that suffered a malicious data breach was infiltrated due to stolen or compromised credentials.
- Misconfigured clouds were a leading cause of breaches, resulting in the average cost of a breach increasing by more than half a million dollars to $4.41 million.
- Lost business costs accounted for nearly 40% of the average total cost of a data breach, increasing from $1.42 million in the 2019 study to $1.52 million in the 2020 study. Lost business costs included increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to a diminished reputation.
- Incident response preparedness was the highest cost saver for businesses. The average total cost of a data breach for companies without an incident response plan was $5.29 million. The cost for those with an incident response plan in place was significantly less at $3.29 million.
- Organisations that used artificial intelligence and analytics had the most success mitigating the costs of data breaches, spending $2.45 million on their recovery process.
Many organisations do not know where to begin when improving their cyber security defences and implementing incident response capabilities. Our Cyber Security Services can help. From penetration testing to cyber security audits, our consultants can guide you through the core components of building an effective cyber security strategy.