Each week we look at the most recent events and trends related to data security and privacy. Today we’re going to talk about the ever-increasing cost of data breaches including direct costs to businesses that are breached and the indirect expenses to consumers who are the ultimate victim of the breaches. Mark Twin once wrote the “the cost of living hasn’t effected its popularity.” The same can be said of data breaches.

Show Notes

Our podcast today is possible thanks to support from Experian and Abine. Make sure to subscribe for future podcast episodes! Have a podcast topic request? Contact communications@idtheftcenter.org

Follow on LinkedIn

Follow on Twitter

Show Transcript

The Weekly Breach Breakdown Podcast: The Cost of Living – Data Breach Costs Rise  

Welcome to the Identity Theft Resource Center’s (ITRC)Weekly Breach Breakdown for August 6, 2021. Our podcast is possible thanks to support from Experian. Each week we look at the most recent events and trends related to data security and privacy. This week we talk about the ever-increasing data breach costs, direct costs to businesses that are breached and the indirect expenses to consumers who are the ultimate victim of the breaches. 

Mark Twain once wrote the “the cost of living hasn’t effected its popularity.” The same can be said of data breaches. Despite the billions of dollars spent on improving cybersecurity, the number of cyberattacks that lead to data breaches continues at a high pace.  

Breached businesses also continue to see the cost of recovery continue to rise, too. There is nothing in sight that leads experts to believe the costs associated with data breaches will level off or decrease anytime soon. 

IBM Releases New Report on Data Breach Costs 

The benchmark report of data breach costs is published by IBM Security based on research from the Ponemon Institute. The 2021 report, the 17th annual edition, is based on 537 breaches across 17 countries in 17 different industries – backed by nearly 3,500 interviews. 

What’s the bottom line? There are several key findings: 

  • Breached businesses in 2020 paid ten percent more on average than companies in 2019. 
  • Nearly 18 percent of 2020 breaches involved remote workers. Those companies paid $1 million more on average in total data breach costs than organizations where remote work was not a factor. 
  • The biggest share of breach costs is attributed to lost business, including customer turnover, lost revenue and the increased costs of new customer acquisition thanks to reputation damage. 
  • The average cost per record lost jumped to $161, up from $146 in the previous year. If the record involved Personally Identifiable Information (PII), the average cost was $180 per record. 
  • The average number of days to find and fix data breaches grew by one week in 2020 to 287 days. Think of that this way: if a breach started on January 1, it would take until October 14 to stop it. 
  • There is some good news in the IBM report. If an organization has deployed modern security tools and automation, the average breach costs drop by about 80 percent. 

Average Data Breach Costs in the U.S. Over $9 Million 

Remember the bottom line mentioned earlier? In the U.S., the country with the highest number of cyberattack-related data breaches, the average data breach costs a company a little more than $9 million. 

These are average figures based on data breaches that range from 1,000 to 100,000 records lost. The costs go up by a factor of 100 when you get above one million records lost, which is not uncommon these days. Other factors that increase data breach costs include ransom payments and the complexity of a company’s IT infrastructure. 

Not included in the report is how much of these increased data breach costs are passed along to consumers in the form of higher fees or prices. The report also does not quantify the impact on small businesses that don’t have the technical or financial resources that large enterprises do.  

In October, the ITRC plans to publish a report on just that, how identity crimes impact small businesses, and how they recover. Stay tuned for more about our first Business Aftermath Report. 

Also, listen next week to our sister podcast, The Fraudian Slip, when the ITRC CEO and the Founder of privacy protection company Abine discuss how consumers can protect themselves and their data while online.  

Contact the ITRC 

If you have questions about how to keep your personal information private and secure, visit www.idtheftcenter.org, where you will find helpful tips.  

If you think you have been the victim of an identity crime or a data breach and you need help figuring out what to do next, you can speak with an expert advisor on the phone (888.400.5530), chat live on the web or exchange emails during normal business hours (6 a.m.-5 p.m. PST).  

Thanks again to Experian for supporting the ITRC and this podcast. We will be back in two weeks with another episode of the Weekly Breach Breakdown.