The average cost of a data breach continues to climb, according to IBM’s 17th annual global study of the cost to an organization of of a security incident.
For the 537 breaches that occurred during the 12 month period ending in March, participants estimated data breaches cost their companies an average of $4.24 million (all figures in US dollars) per incident, said the report issued Wednesday. That’s the highest cost in the survey’s history.
The report’s author, the Ponemon Institute, also says there’s evidence security incidents became more costly and harder to contain because the COVID-19 pandemic forced staff at many organizations to work from home. Many weren’t using protected corporate computers, nor were they protected by corporate cybersecurity defences.
Breaches cost on average over $1 million more when remote work was a factor in a data breach, said the report, compared to those where remote work wasn’t a factor.
The survey included nearly 3,500 interviews, and looked at data from 17 countries and regions and 17 different industries. Participants estimated their direct costs.
Canadian results
Among the 26 Canadian organizations studied, the average cost was $5.35 million. That was up slightly from the 2020 study. The average number of records exposed in this group was 24,400.
“While it’s not a surprise that data breach costs rose to their highest level during the pandemic, it should be a stark reminder for businesses to not let security lag behind as they accelerate their digital transformation,” Ray Boisvert, an IBM Canada associate partner for security strategy, said in a statement.
“For Canadian financial and technology companies in particular, who are digitizing faster than others in the country and paying more per lost or stolen record, investment in data security, AI and encryption should go hand in hand with cloud migration.”
Data breach costs include detection of an incident and escalation (such as forensic analysis, crisis management and audit services), notifying regulators and victims, post-breach response (help desk costs, credit monitoring for victims), and lost business.
Other findings of the 26 Canadian data breaches studied include…