The cost of a data breach now stands at R36.5 million from R32 million in 2017. This is according to IBM Security’s global study which looks at the financial impact of a data breach on a company’s bottom line
The 2018 Cost of a Data Breach Study found that hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage.
The research, conducted by Ponemon Institute, is based on in-depth interviews with nearly 500 companies that experienced a data breach, the study analyzes hundreds of cost factors surrounding a breach, from technical investigations and recovery, to notifications, legal and regulatory activities, and cost of lost business and reputation.
The research found that the average cost of a data breach globally is escalating and increased by 6.4 percent from the 2017 report.
“While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services (IRIS). “The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
Key South African findings include:
- The average time in South Africa to identify a data breach in the study was 150 days, and the average time to contain a data breach once identified was 40 days.
- The three root causes of data breaches were identified as malicious or criminal attack (45%), human error (30%) and system glitches (25%).
- On average, malicious or criminal attacks took 163 days to identify and 45 days to contain. Human error breaches took 139 days to identify and 33 days to contain.
- Detection and escalation costs also increased, rising from R9.5-million in 2016 to R11.6-million in 2017 and R12.3-million in the 2018 study.
- The amount of lost or stolen records also impacts the cost of a breach, costing R1 792 per lost or stolen record on average — a 9.4% increase from 2017.