New research from Kaspersky Lab shows that the average cost of experiencing a data breach globally is on the rise.
The annual Kaspersky Lab Corporate IT Security Risks survey is a worldwide survey of IT business decision makers, which this year had a total of 6,614 respondents from 29 countries.
The company found that breaches now amount to $1.23 million on average for enterprises (up 24 percent from $992K in 2017), and $120,000 on average for small and medium-sized businesses (up 36 percent from $88K in 2017).
“In the event of a cyberincident, businesses of all sizes spend the most on the emergency improvement of infrastructure and software,” wrote Julia Glazova of Kaspersky in a blog post. “For enterprises, the cost of this work has increased one-and-a-half times since last year, now averaging $193,000. Reputational damages that hurt credit ratings and cause insurance premium growth come in second, averaging $180,000. Huge amounts of money are also consumed by belated security awareness training ($137,000 on average).”
She added that “small companies also have to pay for emergency infrastructure improvements, and they also suffer from reputational losses. They spend much less for training (because of their smaller size), but they have to draw on the resources of external professionals for recovery or forensics.”
The 2018 report, On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives, also found that in North America, the average cost of a data breach has reached an average of $1.6 million, an increase of 23 percent or $300,000 from $1.3 million in 2017.
In addition, North America is the most expensive location for an SMB to suffer a data breach compared to all seven regions in the study. SMBs in the U.S. and Canada have the highest recovery cost, at $149,000 on average.
As for the costliest incidents, the data shows that for SMBs, the most expensive cybersecurity events were related to IT infrastructure hosted by a third party, costing $179,000 on average. For enterprises around the world, the expense was related to targeted attacks, costing $1.64 million on average.
And for enterprises and SMBs in North America, the top expense was the same for both, with breaches affecting IT infrastructure hosted by a third party at $163,000 for SMBs and $1.75 million for enterprises on average.