PLEX Solutions specializes in proactive cybersecurity services that help our clients thwart cyber-based attackers and prevent costly data breaches. A newly released 2019 study, sponsored by IBM and conducted by Ponemon Institute, paints a grim story of the cost businesses who neglect cybersecurity incur. Among the organizations surveyed, businesses impacted by major security incidents or data breaches averaged a cost of $3.92M internationally. In the United States, that cost soared to $8.19M per incident and typically took 279 days to identify and contain a data breach. Other key findings:
• Indirect costs, such as lost business, represented the largest single factor in data breach costs (36% of the overall cost)
• 33% of the costs of a data breach extend into one or two years after the incident
• It took organizations, on average 206 days in 2019 to identify a data breach, time for the attackers to perform significant malicious activity
The study also found that small businesses (between 500 and 1,000 employees) suffered
disproportionately higher costs in data breaches. While larger organizations averaged a cost of $204 per employee, small businesses saw costs of $3,533 per employee. PLEX often observes that small and medium-sized organizations have very limited IT budgets and small cash reserves, which make these higher cost-per-employee figures extremely damaging.
Unsurprisingly, businesses that took preventative measures to respond to a data breach were able to recover more quickly and save substantial costs when they experienced serious security incidents.
Specifically, companies with an incident response (IR) team, IR plan, and practicing of the plan saved an average of $1.2M per security incident. As part of PLEX’s CISO as a Service (CaaS) offering, PLEX helps organizations of all sizes improve their cyber resiliency.
For more insights into data breach costs, download the full IBM report at:
For more information on PLEX proactive cybersecurity testing and security governance services, email firstname.lastname@example.org.