How much does a data breach cost? Understanding the costs—and why some breaches cost more than others—can help your financial institution mitigate the financial risks of a data breach.
A data breach costs $242 per lost record in the United States, according to the 2019 Cost of a Data Breach Report by IBM and Ponemon Institute, which studied 507 organizations that had a breach over the past year. (The cost globally is $150.)
This includes costs of detecting and responding to the breach, notifying consumers, and legal fees. Then there’s the loss of customer trust. The study attributed 36 percent of the cost to lost business, with “abnormal” customer turnover of 3.9 percent.
The cost of a data breach can stretch for years. In highly regulated industries like financial services and healthcare, companies incurred 53 percent of data breach costs the first year, 32 percent in the second year, and 16 percent going forward from there, IBM/Ponemon found.
Not accounted for in the IBM/Ponemon study is the impact on the stock price.
A Comparitech study of 28 publicly traded companies that have collectively experienced 33 “massive” data breaches of 1 million or more records found that data breaches have a long-term negative effect on stock prices. Stock values take the hardest hit in the first month after a breach and then recover, but underperform the NASDAQ by -13.27 percent after three years. This impact is amplified for payment and finance companies since they tend to leak highly sensitive financial data.
The financial impact of a breach depends on many factors, but two of the most significant are:
The average data breach costs a company $3.92 million, but breaches caused by third parties cost an average of $4.29 million—about 10 percent more, IBM/Ponemon found.
About half of all breaches are the result of malicious cyber attacks. Another quarter is caused by human error, such as when someone falls for a phishing scheme, while the last quarter is caused by system glitches. The most expensive type of breach is also the most common: malicious attacks.
These insights can help your institution ensure it has controls in place to help limit the financial risk of a data breach. They include:
Make sure your institution is taking steps to guard against the growing threat of cyber breaches.