7 key findings from the 2020 Cost of a Data Breach Report
- Updated at March 19, 2021
- By Gatefy
- Blog, Security News
According to the 2020 Cost of a Data Breach Report, data breaches cost businesses an average of USD 3.86 million per incident. The report is based on 524 companies that experienced data breaches. They’re companies from 17 countries, serving 17 different sectors of activity.
About 3,200 security professionals were interviewed. The report is the result of a partnership between the Ponemon Institute and IBM.
To start, an interesting piece of information about data leaks and countries. U.S. continues to have the highest average cost per breach (USD 8.64 million), while Brazil has the lowest one (USD 1.12 million).
Table of Contents
What is the cost of a data breach?
The cost of a data breach involves different aspects, such as lost business, legal fees, and compensation to affected clients. According to the report, there are 4 central points in that count. Check it out.
- Detection and escalation.
- Lost business.
- Notification.
- Ex-post response.
7 key points from Cost of a Data Breach Report
1. Remote work worsens incident response time and increases financial spending
As we could already expect, the costs involving data breaches are higher for companies with remote work. In this case, the average of USD 3.86 million per incident rises to more than USD 4 million.
That is, we’re talking about USD 137,000 more than the average cost for companies that do remote work. We must also take into account that we’re in the middle of a pandemic caused by COVID-19, which forced many businesses to adopt remote work.
In addition to a bigger damage, remote work also worsens incident response time. According to the report, 76% of respondents said they would need more time to identify and contain a data breach.
2. Personal customer information is the most compromised type of data
According to the Cost of a Data Breach Report, 80% of data breaches involved personal customer information, also called personally identifiable information (PII).
The document also points out that breaches that contain personal information cost companies more. On average, the cost per stolen record is USD 146, but if the record is personal information the cost goes to USD 150 per record.
3. Most data breaches are malicious breaches
The report says that 52% of data breaches were caused by malicious attacks. Of this amount, 19% of companies were hacked due to stolen or compromised credentials, and 19% were compromised due to cloud misconfiguration.
Other causes of data breaches are system failure (25%) and human error (23%).
Among the 3 causes, malicious violations are the most expensive, costing on average USD 4.27 million, about USD 1 million more than system failure (USD 3.38 million) and human failure (USD 3.33 million).
4. The biggest cost of a data breach is lost business
Lost business represents about 40% of the average cost of a data breach, says the report. In other words, out of the USD 3.86 million that cost on average a leak, around USD 1.5 million is linked to loss of revenue and customers.
The report points out that leaks directly affect the company’s reputation, damaging the brand and impacting acquisition and retention of business.
5. Average time to identify and contain a violation is 280 days
According to the study, the average time to identify and contain a breach is 280 days. 207 days to identify the problem and 73 days to contain it.
6. Large companies spend more money in case of breaches
Check now what the report says about the average cost of a data breach by company size:
Less than 500 employees: USD 2.35 million.
500 to 1,000: USD 2.53 million.
1,001 to 5,000: USD 3.78 million.
5,001 to 10,000: USD 4.72 million.
10,001 to 25,000: USD 4.61 million.
More than 25,000: USD 4.25 million.
7. Other important takeaways
- Data breach by industry: healthcare has the highest cost.
- 53% of malicious breaches had financial reasons.
- 5% of malicious breaches involved BEC.
- 14% of malicious breaches involved phishing.
- 3% of malicious breaches involved social engineering.
- USD 4.44 million was the average cost of a ransomware breach.
- Incident response (IR) was the highest cost saver for businesses.
2020 Cost of a Data Breach Report
If you would like to check out the full report, click here.
Email protection solutions
Gatefy is a startup that develops artificial intelligence and machine learning to improve businesses’ email security.
Our solutions are compatible and easily integrated with different types of platforms and email providers, such as Office 365, G Suite, Exchange, and Zimbra.
Visit our product pages: Gatefy Email Security and Gatefy Anti-Fraud Protection.