The cost of cleaning up after a data breach can easily top the $1 million mark, according to a new report from the digital security giant Kaspersky—and not just because of the incident itself.
Data breaches create big messes that can be difficult for the targeted organization to fix. And as a new report shows, their high price tag only compounds those headaches.
According to a study from the tech security firm Kaspersky [registration], the average cost of a data breach is about $1.2 million. That’s a 24 percent increase from 2017 and a 38 percent increase from 2016.
Included in the tally are needed infrastructure improvements ($193,000, up from $132,000 last year), changes in insurance premiums ($180,000), and lost business ($131,000). Training is also a major cost: Employers spent an average of $137,000 on employee training, $126,000 on external resources, and $106,000 on new staff.
“Improving software and infrastructure is now the costliest outcome of a security breach for enterprises” and one of the costliest for small and medium businesses (SMBs), the report states.
One result of the increased risk of a breach is that expenditures on cybersecurity have surged, according to the report, which was based on a survey of more than 6,600 IT decision-makers globally. Large enterprises spend nearly $9 million on average, while small and medium businesses spend $246,000. Even tiny businesses have seen their security costs rise substantially.
“What’s apparent is that the booming cloud and mobile trends have presented plenty of opportunities for cybercriminals to exploit,” the report notes. “They are also opening businesses up to risks related to human error, while the distributed nature of cloud infrastructure presents management complexities. The use of cloud computing platforms has been on the rise for some time within both enterprises and SMBs which, although offering multiple benefits to businesses, also puts corporate data at risk.”
But organizations are adapting. For large enterprises, nearly a quarter of the average IT department’s budget is now devoted to cybersecurity, according to the report, and the size of that budget is expected to grow by 15 percent in the next three years. Additionally, more members of the management team are taking an interest in the issue.
“These findings not only highlight the growing costs associated with defending against cyberattacks,” the report says. “They also illustrate the value and importance that business leaders are placing on being able to protect their businesses against the latest threats—there’s a drive for IT security from the top down.”