Seven Data Breach Lessons from research studies: What does a data breach cost?

Share this post:

Blogpost by Laura Begieneman, Senior Consultant Cyber Security & Data Privacy @IBM Security |

Two questions keep coming back when I meet customers and partners in GDPR-related sessions. First, when it comes to preparing for GDPR: where to start? Second, what is the true financial impact of a data breach?

On the first topic I recently started a blog series where we break down GDPR in nine digestible use cases. The first and second blog can be found here the third  will be published next week.

On the question of financial impact, IBM Security just published a very insightful study called 2016 Cost of Data Breach report. Our goal in this annual research is to help understand the costs associated with data breach incidents.

This study covers 383 companies across 16 industries and in 12 different countries. While, unfortunately, Benelux countries are still outside the scope, there is a lot to be learned from looking at the other European countries, such as Germany, UK and France.

Click here: to learn how our study quantifies the economic impacts of data breaches and observes cost trends over time.

This is not the first time we publish this study. Over the many years of studying the data breach experiences of more than 2,000 organizations we drew seven key conclusions:

1. Data breaches are a consistent cost of doing business and need to be incorporated into data protection strategies.
2. The biggest financial consequence is lost business. Following a breach, enterprises need to take steps to restore customers’ trust.
3. Most data breaches are caused by malicious attacks. These breaches take the most time to detect and have the highest cost per record.
4. The longer it takes to detect a data breach, the more costly it becomes to resolve.
5. Highly regulated industries (eg. healthcare, finance) have the most costly data breaches because of fines and the higher-than-average rate of lost business and customers.
6. Improvements in data governance initiatives will reduce the cost of data breach.
7. Investments in data loss prevention controls such as encryption and endpoint security are key in preventing data breaches.

Click here:  to learn how our study quantifies the economic impacts of data breaches and observes cost trends over time.

Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients’ business and any actions the clients may need to take to comply with such laws and regulations.  The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.
Learn more about IBM’s own GDPR readiness journey and our GDPR capabilities and offerings to support your compliance journey here.