Wednesday 11 July 2018 4:10 pm | Updated: Friday 24 May 2019 7:51 pm

The cost of a major data breach for businesses hits £263m, almost doubling in just five years

The hidden costs of a data breach to businesses globally has risen by 6.4 per cent in the last year, with the average total cost of a major breach hitting £263m.

The amount of so-called mega breaches – cases that involve more than 1m records being lost – have nearly doubled over the last five years, with 16 mega breaches occurring in 2017. Data compiled by IBM revealed that breaches on this scale can cost a business anywhere from $40m (£30m) to $340m, with more than 90 per cent of these breaches stemming from malicious and criminal attacks as opposed to glitches or human error.

The research also found that the publicly reported costs by companies having experienced a mega breach are often underreported, leaving out the hidden costs which includes factors such as a negative impact on reputation, and employee time spent on recovery.

Lost business was found to be the biggest expense after a mega breach, costing companies an average of nearly $118m at almost a third of a hack's total cost.

The average time to find and contain a breach of this scale was a full year, but having incident response teams or using an AI platform for cybersecurity was found to reduce the cost of breaches by between $8 and $14 per record.

“The goal of our research is to demonstrate the value of good data protection practices, and the factors that make a tangible difference in what a company pays to resolve a data breach” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute which conducted the research on IBM's behalf.

“While data breach costs have been rising steadily over the history of the study, we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.”

In the UK alone, the total cost of an average data breach – sitting in the region of between 2,500 to 100,000 records lost – has increased 8.1 per cent in the last year to £2.69m, with malicious attacks being the root cause for 50 per cent of breaches.

Breaches in financial services are the most costly when measured by industry, at an average of £163 per stolen record and followed by technology at £151.

Wendi Whitmore, global lead for IBM's X-Force Incident Response and Intelligence Services (IRIS) said:

“The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”