Cost of data breaches eases as more Irish firms held to ransom

Two cybercrime surveys highlight dangers to business from security hacks

On average, data breaches costs individual organisations $3.62 million per incident.

On average, data breaches costs individual organisations $3.62 million per incident.


The cost to businesses for a record lost or stolen as a result of a data breach amounts to more than €100 per document, according to a new study.

The global survey from IBM and the Ponemon Institute reveals that while the average cost of a data breach fell by 10 per cent last year – the first decline recorded since 2009 – breaches are still extremely expensive.

On average data breaches costs individual organisations $3.62 million per incident, down from $4 million a year earlier. The average cost of a breach rose 29 per cent from 2013 to 2016.

While costs declined 26 per cent in Europe, in the United States the cost of a breach rose 5 per cent to $7.35 million.

Data breaches were the least expensive in Brazil, costing companies on average $1.52 million.

The study shows most organisations took more than six months to identify a breach, and more than 66 additional days to contain a breach once discovered.

Not surprisingly, the speed with which an organisation can contain data breach incidents has a direct impact on financial consequences. The cost of a data breach was nearly $1 million lower on average for companies that were able to contain a data breach in less than 30 days compared with those that took longer.

For the third year in a row, the study found that having an incident response team in place significantly reduced the cost of a data breach, saving more than $19 per lost or stolen record.

In other IT security news, a new survey shows one in five Irish businesses were held to ransom by cybercriminals over the last 12 months.

The survey, which was conducted by IT security firm Ward Solutions following the recent WannaCry attack, found a marked increase in ransomware attacks.

Of those who said that their business was held to ransom, 64 per cent said the amount demanded by cybercriminals was less than €1,000.

Almost half of all respondents said they would not pay a ransom regardless of how valuable the data was that had been stolen.