• According to IBM’s new report on data breach costs, breached businesses in 2020 paid ten percent more than companies in 2019.
  • In the U.S., the country with the highest number of cyberattack-related data breaches, the average data breach costs a company a little more than $9 million.
  • However, there’s also good news in the report. If an organization has deployed modern security tools and automation, the average breach costs drop by about 80 percent.
  • To learn about recent data breaches, consumers and businesses should visit the Identity Theft Resource Center’s (ITRC’s) data breach tracking tool, notified.
  • For more information, or if someone believes they are the victim of identity theft, consumers can contact the ITRC toll-free at 888.400.5530 or via live-chat on the company website www.idtheftcenter.org.

The Cost of Living

Welcome to the Identity Theft Resource Center’s (ITRC)Weekly Breach Breakdown for August 6, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we talk about the ever-increasing data breach costs, direct costs to businesses that are breached and the indirect expenses to consumers who are the ultimate victim of the breaches.

Mark Twain once wrote the “the cost of living hasn’t effected its popularity.” The same can be said of data breaches. Despite the billions of dollars spent on improving cybersecurity, the number of cyberattacks that lead to data breaches continues at a high pace.

Breached businesses also continue to see the cost of recovery continue to rise, too. There is nothing in sight that leads experts to believe the costs associated with data breaches will level off or decrease anytime soon.

IBM Releases New Report on Data Breach Costs

The benchmark report of data breach costs is published by IBM Security based on research from the Ponemon Institute. The 2021 report, the 17th annual edition, is based on 537 breaches across 17 countries in 17 different industries – backed by nearly 3,500 interviews.

What’s the bottom line? There are several key findings:

  • Nearly 18 percent of 2020 breaches involved remote workers. Those companies paid $1 million more on average in total data breach costs than organizations where remote work was not a factor.
  • The biggest share of breach costs is attributed to lost business, including customer turnover, lost revenue and the increased costs of new customer acquisition thanks to reputation damage.
  • The average cost per record lost jumped to $161, up from $146 in the previous year. If the record involved Personally Identifiable Information (PII), the average cost was $180 per record.
  • The average number of days to find and fix data breaches grew by one week in 2020 to 287 days. Think of that this way: if a breach started on January 1, it would take until October 14 to stop it.
  • There is some good news in the IBM report. If an organization has deployed modern security tools and automation, the average breach costs drop by about 80 percent.

Average Data Breach Costs in the U.S. Over $9 Million

Remember the bottom line mentioned earlier? In the U.S., the country with the highest number of cyberattack-related data breaches, the average data breach costs a company a little more than $9 million.

These are average figures based on data breaches that range from 1,000 to 100,000 records lost. The costs go up by a factor of 100 when you get above one million records lost, which is not uncommon these days. Other factors that increase data breach costs include ransom payments and the complexity of a company’s IT infrastructure.

Not included in the report is how much of these increased data breach costs are passed along to consumers in the form of higher fees or prices. The report also does not quantify the impact on small businesses that don’t have the technical or financial resources that large enterprises do.

In October, the ITRC plans to publish a report on just that, how identity crimes impact small businesses, and how they recover. Stay tuned for more about our first Business Aftermath Report.

Also, listen next week to our sister podcast, The Fraudian Slip, when the ITRC CEO and the Founder of privacy protection company Abine discuss how consumers can protect themselves and their data while online.

Contact the ITRC

If you have questions about how to keep your personal information private and secure, visit www.idtheftcenter.org, where you will find helpful tips. 

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during normal business hours (6 a.m.-5 p.m. PST). 

Thanks again to Experian for supporting the ITRC and this podcast. We will be back in two weeks with another episode of the Weekly Breach Breakdown