The True Cost of a Breach is Hard to Pin Down
The True Cost of a Breach is Hard to Pin Down

As organizations work to determine their overall risk and risk response plans, data breach cost is an important figure in these calculations. But the science of estimating the total costs of a data breach cost remains elusive.

The Ponemon 2016 Cost of Data Breach Study suggests that the global average consolidated total cost of a data breach is now at $4 million, or $158 per record. Most costs in this report are attributed to forensics, communications, legal expenditures and regulatory mandates. And yet, the average figures do not speak well to specific breach incidents. Target recently updated the cost of its 2013 data breach to $291 million, with the company estimating that costs may yet rise to $370 million. The company originally estimated costs would be in the $61 million range, so it’s clear that costs have continued to accrue at a rapid pace over time.

Soft and Hard Costs After a Breach

From these examples, we see how difficult it is to assign a definitive hard cost to individual data breaches. This struggle contributes to the inaccurate overall representation of data breach costs across industries. As demonstrated by Robert Lemos on eWeek, it’s not a matter of simply tallying the damages. Investigations and legal proceedings can take many years, both with regulatory bodies and with class action lawsuits. Soft costs are often overlooked: increases to insurance premiums, business disruptions, lost customers, lost contract revenue, costs to raise dept, loss of intellectual property and loss of brand value.

According to a report by Deloitte, these hidden costs can account for more than 90% of the true total cost of a data breach.

Don’t let a costly data breach catch you by surprise. Instead, assume you are at risk and take steps to shore up the most likely risk points, including mobility, the cloud and the Insider Threat. Through a depth-of-defense or layered approach, your organization will be better prepared to prevent, detect and respond to security incidents.

Absolute provides persistent endpoint security and data risk management solutions for thousands of customers around the globe. By providing them with a persistent connection to all of their devices, our customers can secure endpoints, assess risk, and respond appropriately to security incidents. Learn more at


Arieanna Schweber

Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada’s first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.