Before 2018 ended, it witnessed an alarming incident in November that grabbed headlines. The data breach of Marriott International hotel was spotted in the Starwood guest reservation database in the U.S. on September 8, 2018, and the company confirmed the breach on November 19, 2018. Over 500 million guests’ data that include credit card details, date of birth, passport details, etc. have been compromised. It is one of many data breaches that happened last year. As the businesses are getting digitalized, there is a rampant increase in the number of attacks. The data breaches are becoming more frequent and more expensive.
IBM has made research on the cost of a data breach which Ponemon observed that it is a more in-depth analysis of the financial consequences of data breaches. The study also highlights the key findings of the root cause of the security breaches that can help in reducing the impact. The movement of businesses to cloud storage have increasingly resulted in data exposure. The cost of a data breach has increased by 12% over the past five years and is now $3.92 million on average.  The consequence of data breaches is not limited to the immediate aftermath of the incident, whereas the costs are felt for many years to come.
The entire IBM’s 2019 Cost of a Data Breach Report covers various segments that affect the costing of a breach and the impact on the overall business. Here we are sharing the 6 most exciting learnings you need to know from the report.
6 Takeaways from IBM’s 2019 Cost of a Data Breach Report
1. The cost goes beyond the fine
The first thing that the management of a breached business is concerned is that of the hefty fine that the regulatory authorities would impose for failing to comply with data protection requirements. The report identified that lost business forms the most significant percentage contributing to the total cost of a data breach. The average cost of lost business is 36% of the total average cost of $3.92 million which is $1.42 million.
2. Smaller businesses are bearing the higher burden
The incidents of more prominent companies always make the news headlines, whereas, smaller ones are under the impression that the breaches not meant for them and they happen only to larger companies. According to a survey performed by Security Magazine, nearly 70% of small and medium businesses experience cyberattacks.  Among the data breaches, small businesses have to incur higher costs than the cost of their business which makes them withdraw their businesses. The IBM report revealed that organizations having more than 25,000 employees would incur the cost of $204 per employee, whereas small companies with 500 to 1000 employees would bear the cost of $3533 per employee. This makes them sick, and many fail to recover after the incident.
3. U.S. and healthcare to have the most expensive data breaches
The data breaches in the U.S. are comparatively more than twice the global cost which is on an average $8.19 million. On the same trend, healthcare is continuously incurring the highest data breach cost with $6.45 million, which is again 60% more than the average of all the global industries.
4. Malicious attacks are the main source of breaches
Malicious cyberattacks which form 51% of breaches are the most common and expensive data breaches. Data breaches arising from human error and system glitches also among to 49% of the total data breaches, which can cost millions to the company.
5. Incident response plan amplifies cost saving
Having an incident response (IR) plan improves the ability of a business to react to a breach adequately. An IR plan complemented with IR team and IR testing can save cost more than a single security process. IBM’s report has identified that an IR plan can save $1.23 million compared to those with no IR team.
6. Encryption reduces breach cost
Among the various cost migrators to reduce the cost of a data breach, extensive use of encryption, threat intelligence sharing, data loss preventive measures, and integrating security play a significant role. However, encryption seems to contribute higher on reducing data breach cost, which is on an average of $360,000.
In a nutshell, the above six are the key findings, as mentioned in the Cost of a Data Breach Report. There are several measures like IR plan or encrypting data to reduce the cost of a data breach. Periodically, security measures and policies should be reviewed.