The average total cost of a data breach in 2021 was $4.24 million, a 10% increase from 2020, according to the IBM Security Cost of a Data Breach Report 2021. The cost of a breach can vary drastically depending on the organization's security posture.
IBM reported four key categories that contribute to the cost of a data breach: lost business cost (38%), detection and escalation (29%), post-breach response (27%), and notification (6%).
Lost business represents the largest share of total breach costs. On average, lost business costs $1.59 million. The category includes increased customer turnover, lost revenue due to system downtime, and costs associated with acquiring new business to mitigate damaged reputation.
After lost business, the next largest share goes towards detection and escalation. On average, $1.24 million is spent on detecting a breach and dealing with the fallout. Activities in this category include investigative activity, auditing services, crisis management, and internal communication.
Another $1.14 million goes towards the post-breach response. Post-breach response describes actions taken after the fallout, including communicating with data breach victims, to rectify the situation. Examples of post-breach activities include help desk communications, legal expenses, product or service discounts, and regulatory fines.
On average, $270,000 goes towards notifying data breach victims, internal teams, and any affected third parties. Examples of activity in this category include communication to data subjects, regulators, or external experts.
IBM also lists the following additional costs to consider when recovering from a data breach:
Companies can protect themselves from cyberattacks by detecting threats early and responding appropriately to malicious behavior. Armis can help teams by amplifying their existing security and providing trusted cyber asset intelligence.