Security Experts:

Connect with us

Hi, what are you looking for?



Cost of Data Breaches Rises Globally: Report

Protecting data isn’t cheap, but neither is dealing with a data breach.

Protecting data isn’t cheap, but neither is dealing with a data breach.

According to the Ponemon Institute’s ninth annual global study on data breach costs, the average total price tag of a breach increased 15 percent to $3.5 million. The research, which focused on 314 companies across 10 countries, found that the cost incurred for each lost or stolen record containing sensitive and confidential information stood at $145, nine percent more than the cost noted in the previous report.

“The goal of this research is to not just help companies understand the types of data breaches that could impact their business, but also the potential costs and how best to allocate resources to the prevention, detection and resolution of such an incident,” said Dr. Larry Ponemon, chairman and founder of Ponemon Institute, in a statement. “This year’s Cost of Data Breach Study also provides guidance on the likelihood an organization will have a data breach and what can be done to reduce the financial consequences.”

Per Capita Cost of Data Breach Chart

All the companies that participated in the study had experienced a data breach ranging from a low of 2,400 compromised records to a high of slightly more than 100,000. The organizations were spread across the U.S., U.K., Germany, Australia, France, Brazil, Japan, Italy, India, the UAE and Saudi Arabia. The most expensive data breaches occurred in the U.S. and Germany, and cost $201 and $195 per compromised record, respectively.

The most common root causes of data breaches differed from country to country and affected the cost of the breach. Countries in Germany and the Arabian region had more data breaches caused by malicious or criminal attacks than other reasons, while India had the most data breaches caused by system glitches or business process failures. Human error was the most often cited cause in the U.K. and Brazil.

The U.S. and Germany paid the most for breaches caused by malicious or criminal attacks, with a price tag of $246 and $215 per compromised record, respectively. The cost per record for that kind of breach was lowest in India, where it averaged $60 per record.

On average, the involvement of business continuity management reduced the cost of a breach by $9 per record. The appointment of a chief information security officer to lead the data breach incident response team reduced the cost of a breach by more than $6.

The countries that lost the most customers following a data breach were France and Italy, while companies in Brazil and the Arabian region experienced the lowest loss of customers.

“A data breach can result in enormous damage to a business that goes way beyond the financials,” said Kris Lovejoy, general manager of IBM Security Services Division, in a statement. “At stake is customer loyalty and brand reputation.” 

Related Reading: Preparing for the Inevitable Data Breach

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.