Every business knows that getting hit by a data breach can have devastating results. Oftentimes, you lose business along with customer trust. There’s a costly impact to your reputation, and a lot of time is lost on recovering all your data – all translating to huge financial losses. A new report now puts these implications and hidden costs of data breach into perspective.

Cybersecurity Report

Ponemon Institute’s 2018 “Cost of a Data Breach Study” presents some worrying figures on the financial impact of data breaches on the corporate world.

While the costs of data breaches are expected to vary depending on factors such as the nature of data lost, the size and nature of the organization whose data has been compromised, and the severity or extent of the attack, Ponemon Institute reports that the global average total cost of a data breach exceeds a whopping $3.8 million.

This represents a 6.4 percent increase from last year’s $3.62 million. What does this mean? The cost of a single data breach is on the rise even as technology continues to present businesses with better, more advanced ways to protect their records both online and offline.

What The Report Covered   

The researchers at Ponemon Institute interviewed nearly 500 companies that had experienced a data breach for the study and analyzed numerous costs and cost factors surrounding an attack. These included incident investigation, legal and regulatory activities, recovery, damage to company reputation, and lost business occurring through customer turnover.

Based on these in-depth interviews, the study established that a mega breach, which simply refers to an attack in the range of 1 million to 50 million lost records, could respectively cost anywhere from $40 million to $350 million on average.

This was the first time the Ponemon Institute study, which has been released annually for the past 13 years, covered calculations of the costs associated with such mega breaches. It, however, did not include huge incidents such as the 2017 Equifax data breach in calculating the averages, arguing that these are uncommon and not the type of breaches that most organizations experience.

According to the report, a company that suffers a mega-breach is bound to experience lost business as the most significant cost. Lost business can claim up to one-third of the total cost of such a breach involving the loss of at least one million records.

What Influences The Cost Of Data Breaches?

A host of factors come into play to determine the costs incurred by organizations that have suffered a breach.

While the knowledge of these factors could mean little by itself, there are some factors that have the potential to reduce these costs. One such factor is the length of time it takes a business to identify and contain an attack incident.

To put it simply, if an organization takes a long time to identify an attack, they would equally take longer to contain the incident – and this would inevitably translate to more extensive damages and bigger losses.

Identifying a breach sooner, on the other hand, allows the victim to address it sooner and be able to contain the problem before the damage spreads. This has the potential to minimize the cost of a data breach.

If the figures from the Ponemon Institute report are anything to go by, it can take up to 197 days (well over 6 months) to identify a data breach and another 69 days to contain it.

Direly, these figures have significantly gone up in the last year, ostensibly because of an increase in the severity of these attacks.

Anything Companies Can Do To Reduce Data Breach Costs?

There are quite a few strategies that, if properly implemented, can help businesses to significantly lower the potential of data breaches and their associated costs.

For starters, the report from Ponemon Institute provides a strong correlation between the time taken to identify and contain an incident of data breach and its related costs. The yearly study has established this same correlation for four consecutive years now – indicating that the quicker you identify a breach, the less it will cost you.

So then, all you have to do is remain vigilant and prepared for an attack at all times. How you wonder? Consider extensive use of encryption in your organization, as this can cut the cost by as much as $13 per capita.

The research also recommends putting in place an incident response team. This, according to the study, can decrease the cost of a data breach by up to $14 per compromised record from the $148 average per-capita cost.


Based on the data from the 2018 cost of a data breach study, being able to contain a breach in less than 30 days will save you more than USD 1 million compared to a company that does not. However, if you can combine vigilance with an automated, state of the art security system, there’s no reason why you can’t keep data breaches from happening in your organization in the first place.