The True Cost of a Breach is Hard to Pin Down

By: Arieanna Schweber | 8/15/2016

As organizations work to determine their overall risk and risk response plans, data breach cost is an important figure in these calculations. But the science of estimating the total costs of a data breach cost remains elusive.

The Ponemon 2016 Cost of Data Breach Study suggests that the global average consolidated total cost of a data breach is now at $4 million, or $158 per record. Most costs in this report are attributed to forensics, communications, legal expenditures and regulatory mandates. And yet, the average figures do not speak well to specific breach incidents. Target recently updated the cost of its 2013 data breach to $291 million, with the company estimating that costs may yet rise to $370 million. The company originally estimated costs would be in the $61 million range, so it’s clear that costs have continued to accrue at a rapid pace over time.

Soft and Hard Costs After a Breach

From these examples, we see how difficult it is to assign a definitive hard cost to individual data breaches. This struggle contributes to the inaccurate overall representation of data breach costs across industries. As demonstrated by Robert Lemos on eWeek, it's not a matter of simply tallying the damages. Investigations and legal proceedings can take many years, both with regulatory bodies and with class action lawsuits. Soft costs are often overlooked: increases to insurance premiums, business disruptions, lost customers, lost contract revenue, costs to raise dept, loss of intellectual property and loss of brand value.

According to a report by Deloitte, these hidden costs can account for more than 90% of the true total cost of a data breach.

Don’t let a costly data breach catch you by surprise. Instead, assume you are at risk and take steps to shore up the most likely risk points, including mobility, the cloud and the Insider Threat. Through a depth-of-defense or layered approach, your organization will be better prepared to prevent, detect and respond to security incidents.

Absolute provides persistent endpoint security and data risk management solutions for thousands of customers around the globe. By providing them with a persistent connection to all of their devices, our customers can secure endpoints, assess risk, and respond appropriately to security incidents. Learn more at

Financial Services