{"id":5000,"date":"2018-07-11T08:04:39","date_gmt":"2018-07-11T13:04:39","guid":{"rendered":"https:\/\/3dmerchant.com\/blog\/?p=5000"},"modified":"2021-12-03T03:24:39","modified_gmt":"2021-12-03T08:24:39","slug":"ibm-study-data-breaches","status":"publish","type":"post","link":"https:\/\/3dmerchant.com\/blog\/merchant-processing-industry-news\/ibm-study-data-breaches","title":{"rendered":"IBM Study: Hidden Costs of Data Breaches Increase Expenses for Businesses"},"content":{"rendered":"<h1>Study for First Time Calculates the Full Cost of &#8220;Mega Breaches,&#8221; as High as $350 Million<\/h1>\n<div class=\"wd_body wd_news_body\">\n<p><span class=\"xn-location\">CAMBRIDGE, Mass.<\/span>, July 11,\u00a02018 \/PRNewswire\/ &#8212;\u00a0IBM (NYSE:\u00a0IBM) Security today announced the results of a global study examining the full financial impact of a data breach on a company&#8217;s bottom line. Overall, the study found that hidden costs in data breaches \u2013 such as lost business, negative impact on reputation and employee time spent on recovery \u2013 are difficult and expensive to manage. For example, the study found that one-third of the cost of &#8220;mega breaches&#8221; (over 1 million lost records) were derived from lost business.<\/p>\n<p>Sponsored by IBM Security and conducted by Ponemon Institute, the 2018 Cost of a Data Breach Study<sup>1<\/sup> found that the average cost of a data breach globally is <span class=\"xn-money\">$3.86 million<\/span>,<sup>2<\/sup> a\u00a06.4 percent\u00a0increase from the 2017 report.\u00a0Based on in-depth interviews with nearly 500 companies that experienced a data breach, the study analyzes hundreds of cost factors surrounding a breach, from technical investigations and recovery, to notifications, legal and regulatory activities, and cost of lost business and reputation.<\/p>\n<div>\n<ul class=\"wd_layout-masonry wd_asset_inline_list\">\n<li class=\"wd_asset_inline wd_item wd_asset_type_117 wd_asset_117-19380 wd_featureitem\">\n<div class=\"wd_gallery_asset\">\n<div class=\"wd_asset_image\">\n<div><img decoding=\"async\" title=\"IBM-Security-Data-Breach-Calculator-2018\" src=\"https:\/\/mma.prnewswire.com\/media\/717084\/IBM_Security_Data_Breach_Calculator_2018.jpg?w=600\" border=\"0\" \/><\/div>\n<\/div>\n<div class=\"wd_icon_overlay\">\n<div class=\"wd_icon_container\"><\/div>\n<\/div>\n<div class=\"wd_title_overlay\">IBM-Security-Data-Breach-Calculator-2018<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p>This year for the first time, the study also calculated the costs associated with &#8220;mega breaches&#8221; ranging from 1 million to 50 million records lost, projecting that these breaches cost companies between <span class=\"xn-money\">$40 million<\/span> and <span class=\"xn-money\">$350 million<\/span> respectively.<\/p>\n<p>&#8220;While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,&#8221; said <span class=\"xn-person\">Wendi Whitmore<\/span>, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS). &#8220;The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.&#8221;<\/p>\n<p><b>Hidden Figures \u2013 Calculating the Cost of a <span class=\"xn-person\">Mega Breach<\/span><br \/>\n<\/b>In the past five years, the amount of mega breaches (breaches of more than 1 million records) has nearly doubled &#8211; from just\u00a0nine mega breaches in 2013, to 16\u00a0mega breaches in 2017.<sup>3<\/sup> Due to the small amount of mega breaches in the past, the Cost of a Data Breach study historically analyzed data breaches of around 2,500 to 100,000 lost records.<\/p>\n<p>Based on analysis of 11 companies experiencing a mega breach over the past two years, this year&#8217;s report uses statistical modelling to project the cost of breaches ranging from 1 million to 50 million compromised records.\u00a0 Key findings include:<\/p>\n<ul type=\"disc\">\n<li>Average cost of a data breach of 1 million compromised records is nearly <span class=\"xn-money\">$40 million dollars<\/span><\/li>\n<li>At 50 million records, estimated total cost of a breach is <span class=\"xn-money\">$350 million dollars<\/span><\/li>\n<li>The vast majority of these breaches (10 out of 11) stemmed from malicious and criminal attacks (as opposed to system glitches or human error)<\/li>\n<li>The average time to detect and contain a mega breach was 365 days \u2013 almost 100 days longer than a smaller scale breach (266 days)<\/li>\n<\/ul>\n<p>For mega breaches, the biggest expense category was costs associated with lost business, which was estimated at nearly <span class=\"xn-money\">$118 million<\/span> for breaches of 50 million records \u2013 almost a third of the total cost of a breach this size. IBM analyzed the publicly reported costs of several high profile mega breaches, and found the reported numbers are often less than the average cost found in the study.<sup>4<\/sup> This is likely due to publicly reported cost often being limited to direct costs, such as technology and services to recover from the breach, legal and regulatory fees, and reparations to customers.<\/p>\n<p><b>What Impacts the Average Cost of a Data Breach?<br \/>\n<\/b>For the past 13 years, the Ponemon Institute has examined the cost associated with data breaches of less than 100,000 records, finding that the costs have steadily risen over the course of the study.\u00a0 The average cost of a data breach was\u00a0$3.86 million in the 2018 study, compared to <span class=\"xn-money\">$3.50 million<\/span> in 2014 \u2013 representing nearly 10 percent net increase over the past 5 years of the study.<\/p>\n<p>The study also examines factors which increase or decrease the cost of the breach, finding that costs are heavily impacted by the amount of time spent containing a data breach, as well as investments in technologies that speed response time.<\/p>\n<ul type=\"disc\">\n<li>The average time to identify a data breach in the study was 197 days, and the average time to contain a data breach once identified was 69 days.<\/li>\n<li>Companies who contained a breach in less than 30 days saved over <span class=\"xn-money\">$1 million<\/span> compared to those that took more than 30 days (<span class=\"xn-money\">$3.09 million<\/span> vs. <span class=\"xn-money\">$4.25 million<\/span> average total)<\/li>\n<\/ul>\n<p>The amount of lost or stolen records also impacts the cost of a breach, costing <span class=\"xn-money\">$148<\/span> per lost or stolen record on average. The study examined several factors which increase or decrease this cost:<\/p>\n<ul type=\"circle\">\n<li>Having an incident response team\u00a0was the top cost saving factor, reducing the cost\u00a0by <span class=\"xn-money\">$14<\/span> per compromised record<\/li>\n<\/ul>\n<ul type=\"circle\">\n<li>The use of an AI platform for cybersecurity reduced the cost by <span class=\"xn-money\">$8<\/span> per lost or stolen record<\/li>\n<\/ul>\n<ul type=\"circle\">\n<li>Companies that indicated a &#8220;rush to notify&#8221; had a higher cost by <span class=\"xn-money\">$5<\/span> per lost or stolen record<\/li>\n<\/ul>\n<p>This year for the first time, the report examined the effect of security automation tools which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach. The analysis found that organizations that had extensively deployed automated security technologies saved over <span class=\"xn-money\">$1.5 million<\/span> on the total cost of a breach (<span class=\"xn-money\">$2.88 million<\/span>, compared to <span class=\"xn-money\">$4.43 million<\/span> for those who had not deployed security automation.)<\/p>\n<p><b>Regional and Industry <\/b><b>Differences<br \/>\n<\/b>The study also compared the cost of data breaches in different industries and regions, finding that data breaches are the costliest in the U.S. and the <span class=\"xn-location\">Middle East<\/span>, and least costly in <span class=\"xn-location\">Brazil<\/span> and India.<\/p>\n<ul type=\"disc\">\n<li>U.S. companies experienced the highest average cost of a breach at <span class=\"xn-money\">$7.91 million<\/span>, followed by the <span class=\"xn-location\">Middle East<\/span> at <span class=\"xn-money\">$5.31 million<\/span>.<\/li>\n<li>Lowest total cost of a breach was <span class=\"xn-money\">$1.24 million<\/span> in <span class=\"xn-location\">Brazil<\/span>, followed by <span class=\"xn-money\">$1.77 million<\/span> in <span class=\"xn-location\">India<\/span>.<\/li>\n<\/ul>\n<p>One major factor impacting the cost of a data breach in the U.S. was the reported cost of lost business, which was <span class=\"xn-money\">$4.2 million<\/span> \u2013 more than the total average cost of a breach globally, and more than double the amount of &#8220;lost business costs&#8221; compared to any other region surveyed. One major factor impacting lost business costs is customer turnover in the aftermath of a breach; in fact a recent <a href=\"https:\/\/www.prnewswire.com\/news-releases\/new-survey-finds-deep-consumer-anxiety-over-data-privacy-and-security-300630067.html\" target=\"_blank\" rel=\"nofollow noopener\">IBM \/ Harris poll report<\/a> found that 75 percent of consumers in the U.S. say that they will not do business with companies that they do not trust to protect their data.<\/p>\n<p>For the 8th year in a row, Healthcare organizations had the highest costs associated with data breaches \u2013 costing them <span class=\"xn-money\">$408<\/span> per lost or stolen record \u2013 nearly three times higher than the cross-industry average <span class=\"xn-money\">($148)<\/span>.<\/p>\n<p>&#8220;The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach,&#8221; said Dr. <span class=\"xn-person\">Larry Ponemon<\/span>, chairman and founder of Ponemon Institute. &#8220;While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.&#8221;<\/p>\n<p><b>Download Full Reports &amp; Register for the Webinar<br \/>\n<\/b>To download the 2018 Cost of a Data Breach Study: Global Overview, visit <a href=\"https:\/\/www.ibm.com\/security\/data-breach\/\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/www.ibm.com\/security\/data-breach\/<\/a><\/p>\n<p>To view the digital infographic with study highlights, visit: <a href=\"https:\/\/costofadatabreach.mybluemix.net\/\" target=\"_blank\" rel=\"nofollow noopener\">https:\/\/costofadatabreach.mybluemix.net<\/a><\/p>\n<p>To register to attend the IBM Security and Ponemon Institute webinar on <span class=\"xn-chron\">July 26<\/span><sup>th<\/sup> at <span class=\"xn-chron\">11 a.m. ET<\/span>, visit: https:\/\/ibm.biz\/BdYDvf<\/p>\n<p><b>About IBM Security<br \/>\n<\/b>IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force\u00ae research, enables organizations to effectively manage risk and defend against emerging threats. IBM operates one of the world&#8217;s broadest security research, development and delivery organizations, monitors 35 billion security events per day in more than 130 countries, and has been granted more than 8,000 security patents worldwide. For more information, please check\u00a0<a href=\"http:\/\/www.ibm.com\/security\" target=\"_blank\" rel=\"nofollow noopener\">www.ibm.com\/security<\/a>, follow\u00a0<a href=\"https:\/\/twitter.com\/ibmsecurity\" target=\"_blank\" rel=\"nofollow noopener\">IBMSecurity<\/a>\u00a0on Twitter or visit the\u00a0<a href=\"http:\/\/securityintelligence.com\/\" target=\"_blank\" rel=\"nofollow noopener\">IBM Security Intelligence\u00a0blog<\/a>.<\/p>\n<p><b>Media Contact:<\/b><br \/>\n<span class=\"xn-person\">Cassy Lalan<\/span><br \/>\nIBM Security Communications<br \/>\n319-230-2232<br \/>\n<a href=\"mailto:cllalan@us.ibm.com\" target=\"_blank\" rel=\"nofollow noopener\">cllalan@us.ibm.com<\/a><\/p>\n<p><sup>1<\/sup> Data collection began <span class=\"xn-chron\">February 2017<\/span> and interviews were completed in <span class=\"xn-chron\">April 2018<\/span><br \/>\n<sup>2<\/sup> Average cost for data breaches of 2,500-100,000 lost or stolen records<br \/>\n<sup>3<\/sup> Source: IBM analysis of <a href=\"https:\/\/www.privacyrights.org\/data-breaches\" target=\"_blank\" rel=\"nofollow noopener\">Privacy Rights Clearinghouse&#8217;s Chronology of Data Breaches<\/a><br \/>\n<sup>4<\/sup> Equifax data breach <a href=\"https:\/\/www.reuters.com\/article\/us-equifax-cyber\/equifax-breach-could-be-most-costly-in-corporate-history-idUSKCN1GE257\" target=\"_blank\" rel=\"nofollow noopener\">reported<\/a> to cost company <span class=\"xn-money\">$275 million<\/span>; Target <a href=\"https:\/\/corporate.target.com\/_media\/TargetCorp\/annualreports\/2016\/pdfs\/Target-2016-Annual-Report.pdf\" target=\"_blank\" rel=\"nofollow noopener\">2016 financial report<\/a> estimated <span class=\"xn-money\">$292 million<\/span> loss as a result of 2013 data breach; Ruby Corp (the parent company of <span class=\"xn-person\">Ashley Madison<\/span>) <span id=\"spanHghlt078d\"><a href=\"https:\/\/www.engadget.com\/2017\/07\/16\/ashley-madison-lawsuit-settlement\/\" target=\"_blank\" rel=\"nofollow noopener\">reportedly<\/a><\/span> paid <span class=\"xn-money\">$11.2 million<\/span> for the settlement of its 2015 breach.<\/p>\n<p>&nbsp;<\/p>\n<p>SOURCE IBM<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Study for First Time Calculates the Full Cost of &#8220;Mega Breaches,&#8221; as High as $350 Million CAMBRIDGE, Mass., July 11,\u00a02018 \/PRNewswire\/ &#8212;\u00a0IBM (NYSE:\u00a0IBM) Security today announced the results of a global study examining the full financial impact of a data &hellip; <a href=\"https:\/\/3dmerchant.com\/blog\/merchant-processing-industry-news\/ibm-study-data-breaches\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[10],"tags":[558],"class_list":["post-5000","post","type-post","status-publish","format-standard","hentry","category-merchant-processing-industry-news","tag-data-breach-report"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/5000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/comments?post=5000"}],"version-history":[{"count":1,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/5000\/revisions"}],"predecessor-version":[{"id":5001,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/posts\/5000\/revisions\/5001"}],"wp:attachment":[{"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/media?parent=5000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/categories?post=5000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/3dmerchant.com\/blog\/wp-json\/wp\/v2\/tags?post=5000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}