How much does a data breach cost? + How to prevent it (Best practices)

By some estimates, close to 30 percent of businesses in the United States will experience a data breach.



Security breaches are becoming an everyday occurrence. A sense of violation, losing private information, and the frustration of being a victim of theft are just the tip of the iceberg with data breaches. In recent years, companies like British Airways and Marriott have spent tens of millions of dollars in the wake of data breaches.

While these behemoth companies represent the extreme in calculating the cost of a data breach, this definitely does not mean that data breaches are inexpensive.

Factors That Affect the Cost of Data Breaches

Estimates put the direct and indirect cost of data breaches at an average of around $4 million per breach. This figure includes the time and effort used to deal with the breach, recovering from adverse publicity, loss of customers, and regulatory fines.

In 2020, the average size of a data breach worldwide was 25,575 records. The United States had an average breach size of approximately 32,400 records. It’s estimated that in the United States the money lost per record averages out to $242. In 2018, nearly 471 million records were exposed in the U.S.


There are some factors that can affect these costs, including the steps an organization has taken in advance to prepare for the breach and how quickly they react after the breach. Data breaches produce an average of 3.4 percent customer turnover.

This number is a little higher than in years past because, as customers become more familiar with data breaches, their impact, and the security features and web hosting options available to mitigate them, they are becoming less tolerant of businesses that have these breaches.

According to the IBM report, the average time to identify a breach last year was 206 days. A breach that goes unnoticed for that long causes long-term consequences and significant financial loss. There are simple ways to avoid exposing your company to risks that could damage it permanently. A reliable and secure web hosting solution is one of them, as is investing in your cybersecurity infrastructure.

Some industries are at greater risk than others. Data breaches are more expensive for the healthcare industry because it handles sensitive data. As a result, the average cost per record in the United States is $429. There are several regulatory fines or fees that the healthcare industry may be forced to pay when there is a data breach.

It’s understandable that people want their healthcare records to be protected at all costs. Healthcare records are full of personally identifiable information that could be used to blackmail victims and possibly assume their identity.


When businesses are slow in responding to data breaches, their expense increases. On average, according to a report produced by IBM, it takes approximately 279 days to identify and to contain a data breach. This is a slight increase in 2019. The same report shows that if organizations can identify and contain a breach in less than 200 days, they might save an average of $1.2 million. 


When discussing data breaches, time is money. The longer it takes to identify a breach, the more information a fraudulent individual has access to. They could eventually gain access to different accounts and different devices. Remediating the effects of this type of breach drives up costs.

Besides the loss of reputation, loss of customers, fees levied by government institutions, and any litigation brought by the victims, data breaches can have a serious impact on an organization’s stock price.

Reports show that publicly traded companies that suffered a breach saw their stocks hit their lowest point around 14 days after the breach was publicized. In most cases, within six months, the company can fully recover.

The markets seem less kind to businesses that had a breach involving sensitive information. It also seems that newer breaches are having a diminished impact on stock prices when compared to those that transpired a few years back.

Take Steps to Prevent Data Breaches

Today, most businesses collect personal information about their employees, their customers, or their clients. Data breaches do not solely affect enormous companies. Small and medium-sized organizations are frequently falling victim to data breaches. This is because they lack the comprehensive network security and employee training that large organizations have. This makes them easy pickings for all types of cyberattacks.

Thankfully, there are some steps that businesses can take to minimize the risk of a data breach.


Only Keep the Information You Actually Need

It’s beneficial to periodically inventory the type and quality of information stored in computer files. Reduce the volume of information and keep only the necessary files. Minimize the locations where private data is stored. Know what you store and where you store it.

Protect Your Data

Organizations that do business with third parties need to know who they are doing business with. Unauthorized customers, vendors, and employees should not have access to sensitive data. If it is necessary for employees or third parties to view sensitive data, ensure that they comply with privacy laws. Third-party vendors should be required to pass background checks. All of their activity should be monitored.


Train Employees to Be Security-Conscious

An organization could have a comprehensive data security program in place, backed up with the latest cyber security technology. However, if its employees are not security-conscious, they could unknowingly open a suspicious email or fall victim to a phishing scam, as in a recent Twitter hack in which hackers targeted an employee of the company with a phone phishing scam.


Organizations that are serious about protecting their data schedule quarterly or monthly cyber security courses. Research shows that people need to hear the same message at least seven times before their behavior changes.

Regularly Update Software

Operating systems and all applications should be regularly updated. Patches should be installed as soon as they are available. While it can be time-consuming to do this, this is an effective and inexpensive way to strengthen your network and to prevent cyber-attacks before they happen.

Create a Response Plan

Many organizations mistakenly believe that they do not need a data breach plan. They feel it could never happen to them or believe that they can handle it responsibly if and when it happens. History has proven that neither assertion is valid.

Customers affected by data breaches want to know when a breach occurred and what information was lost. The sooner customers know, the easier it is for them to protect themselves from identity theft or fraud.

A good data breach response includes quickly identifying the source of the breach, what was lost, and when the breach occurred. The responsible parties should be identified swiftly. Decisive action should be taken to minimize damage and rebuild public trust.

It is better to prevent a data breach as opposed to reacting to one. Data breaches cost organizations billions of dollars annually and destroy trust. By employing best practices, data breaches can be prevented.

