The 2019 Cost of a Data Breach report is out and, unsurprisingly, the cost of data breaches has increased 12% over the last five years; a breach now costs companies $3.92 million on average, globally, with smaller businesses being hit hardest because of lower annual revenue. The report also, for the first time, details the “longtail costs” of a data breach, looking at years’ worth of consequences. Understanding the rising costs associated with a data breach and the data behind the increase will help security professionals identify areas where they could save money in the inevitable event of a data breach.

In this post, we review the 2019 Cost of a Data Breach study from IBM. Let’s take a look at the rising cost of data breaches and the factors driving cost increases and reductions for businesses.


Continuing from last year, malicious and criminal attacks are still the most prevalent root cause of data breaches worldwide at 48%. These attacks are also more costly: $157 per record for records compromised by attack vs. $128 per record for those compromised via human error. In the U.S., these types of attacks are responsible for a slightly higher share of the pie: 52% of breaches are malicious or criminal attacks. The U.S. also has a higher-than-average cost per record, at $207 per record for those compromised via malicious attack. The top three factors that influence an increase in the cost of a data breach globally are third-party involvement, extensive cloud migration, and compliance failures.

The report notes 22 influencing factors that increase or decrease the per capita cost of a data breach and the chart below visualizes those factors and their additional costs or savings from the average in U.S. Dollars.

As shown above, third-party involvement has the largest impact, increasing costs by an average of $13 per record. Extensive cloud migration comes in second, increasing costs by $12 per record. And compliance failures, surprisingly, tie with it at an additional $12 per record.


Figure 1 illustrates cost factors for companies in the event of a data breach. However, there are several factors and trends that are expressed within the report and not represented by the chart. Below are details on three of the most compelling.

Smaller companies are hit harder

Companies with fewer than 500 employees incurred an average of $2.5 million worth of costs following a breach. While a large multinational company could realistically withstand this, for a small business it could be catastrophic. Small businesses earn only about $50 million or less in annual revenue; a data breach could interrupt operations, cause layoffs, or cost the business so much it can no longer afford to operate.

Making America great, one breach at a time

Of course, like almost everything, a data breach in the U.S. costs much more than anywhere else. Breaches in the U.S. cost an average of $8.19 million – which is more than double the global average. Costs associated with a data breach have increased by 130% since 2005!

An apple a day does nothing for security

Healthcare organizations have had the highest costs associated with data breaches for almost a decade. With the huge amounts of valuable data they manage, this shouldn’t be a surprise. This year, the average cost of a healthcare data breach was $6.5 million per breach globally, over 60% higher than the cross-industry average.


This year’s report also highlights behaviors that can reduce costs significantly. Reducing dwell time, communicating in an authoritative and timely way, hiring a dedicated team, and employing a DRP strategy that addresses third-party risk can all result in savings for your organization in the event of a breach. Terbium Labs’ Matchlight leverages these factors, providing a solution that drives down the cost of a data breach for our customers.

Reduce dwell time

A breach lifecycle under 200 days costs $1.2 million less than a lifecycle over 200 days. In 2018, the mean time to identify (MTTI) was 197 days, and the mean time to contain (MTTC) was 69 days. Reducing these factors can save you millions, and you can start monitoring today with Terbium Labs. Companies that identify a breach in less than 100 days and contain it in less than 30 days can save over $1 million. With Terbium Labs’ Matchlight, you can significantly reduce your dwell time through constant monitoring of your digital assets.

Efficiently communicate

Time and time again, companies are breached and fail to notify customers in a timely, organized, and authoritative way. Breach response is still the largest cost saver, and fast, authoritative disclosure and communication can help save your organization millions in regulatory fines, lawsuits, and customer attrition. We can help by providing your organization the visibility, context, and insight you need to message customers the right way post-incident.

Invest in a dedicated team

Leveraging services that help bolster and extend your security team can also result in savings. The study identifies the formation of an incident response team as a cost reduction factor. Terbium Labs’ Matchlight solution provides you with a dedicated team of data analysts to help you respond faster and can reduce the cost of a data breach by an average of $360,000. For smaller firms with fewer resources and headcount, Terbium can help supercharge and extend your capabilities. Should your company also implement extensive testing of incident response plans, it could save an average of $1.23 million following a breach.

Third-party risk is an innate business risk – protect your data everywhere

When a partner is breached, it can cost your organization an additional $370,000, on top of the reputation and shareholder value damage that you incur. Matchlight’s exact match fingerprinting technology makes sure your information is identified and monitored no matter where it may end up or how it got there.


Fortunately, there are activities and policies your organization can adopt to reduce the cost of a data breach, and Terbium Labs can help. Our Matchlight solution can reduce dwell time, extend your security team with data scientists and dedicated analysts, buffer the impact of third-party vulnerabilities, and give you the ability to communicate effectively after a breach.