The Average Cost of a Data Breach


Data breaches are not a new phenomenon - but the prevalence of new technology and criminal attacks means the actual cost of a data breach could be soaring for organizations.

In 2021, $4.24 million was spent on average to deal with a data breach incident. This is the highest figure in 17 years since records began and up from $3.86 million in 2020.

Let’s take a look at all the data, from the average cost of a data breach in the US to how many days an organization usually spends on containment.

What you will learn in this article:

How much does a data breach cost - body image illustration of fireman putting out a data breach fire with money flowing out of the fire hose

What is a data breach?

A data breach occurs when unauthorized or confidential information is obtained through illegal practices and poor cybersecurity defenses. Data breaches happen as a result of malicious hackers, human error, or system glitches.

This leads to the loss of sensitive data which could contain personal, professional, or financial information — the number of records lost can escalate into the millions.

With increasingly severe consequences for organizations who fall victim to a data breach — from the financial effects to reputational damage — the imperative for an organization to protect itself against data theft has never been greater.

What is the global average cost of a data breach?

For its 2021 study, IBM assessed real-world data breaches of 100,000 records of over 500 organizations worldwide.

The evidence showed that data breaches had significant financial repercussions for businesses:

  • Globally, the average total cost of a breach was $4.24 million.
  • The average total cost of a data breach increased by the largest margin in seven years — a 9.8% increase on the previous year ($3.86 million).
  • The average cost per lost or stolen record of customer PII (personally identifiable information) was $180.
  • The average total cost of a data breach in the United States was $9.05 million, making it the most adversely affected nation globally.
  • Healthcare organizations experienced the highest average cost of a data breach, for the eleventh year in a row to $9.23 million — a $2 million increase on the year before.
  • The average time to contain a data breach was 287 days. A breach occurring on January 1 that took 287 days to identify and contain, wouldn't be contained until October 14th.
  • The adoption of security AI and automation helped organizations to save $3.81 million in data breach costs. That is a nearly 80% gap with companies that haven’t deployed such solutions.
  • The average cost of a mega breach, for breaches between 50 million and 65 million records, was $401 million.

Common data breach targets

Data breaches usually fall into one of the following categories. The information is usually protected by privacy laws designed to protect consumers and organizations, so obtaining the data by illicit means is the only solution available to hackers and criminals. How much does a data breach cost - ID card illustrating personal information

    Personal information

    While the exact nature of the information in this category can vary, a broad definition is that the data usually relates to details that can help identify a person. Examples: full name, identification number (such as a passport or social security number), date of birth, telephone number. How much does a data breach cost - illustration of credit card with magnifying glass showing enlarge image of person from the card, representing financial information

    Financial information

    Data in this category varies from information held by the banking sector itself, to an individual’s account and card data. Examples: Credit scores, bank account information, credit or debit card details. How much does a data breach cost - illustration of health file with image of heart representing health information

    Health information

    Privacy regulations aim to protect patients from unauthorized release of their healthcare records, as well as associated information such as payment details. Examples: patient records, medication history, healthcare plan information, Medicaid identification numbers.How much does a data breach cost - illustration of health file with image of heart representing health information

    Intellectual property

    This can include product designs or ideas, for which an individual or business may have applied for a patent or copyright. Examples: Product drawings or blueprints, manuscripts, inventions.

Data breaches can involve several types of compromised records — ranging from the unauthorized release of legal or redacted documents to confidential research data conducted by an organization, and one of the most common breaches: security credentials such as passwords or PINs.

The negative consequences of a data breach for an organization are multiple. Even taking into account the potential costs financially (either as a result of compensation or legal fees), companies may also suffer reputational damage from negative press stories and consequently suffer lost business.

Take a look at the 10 biggest data breaches of all time.

Why do data breaches happen?

Here’s a list of some of the most common reasons why data breaches occur.

  • Malware

A type of malicious software designed to harm computer hardware, ransomware is a cybercriminal favorite. A ransomware attack works by encrypting hard drives and data, preventing an organization from accessing their sensitive data.

  • Neglect of Artificial Intelligence

The lack of a security AI or other automation system significantly decreases mitigation to cyber attacks in real time, requiring the need for difficult manual detection and increasing human error.

  • Lack of an incident response plan

An ill-equipped incident response team that doesn't have a pre-defined breach response in place, cannot minimize losses or mitigate data security violations before they cause damage.

  • Phishing attacks

Preferred by cybercriminals as a lack of security awareness makes these so successful, even today. Hackers trick users into revealing personal data or installing malware onto their system by clicking a malicious link sent in an email.

  • Cloud migration

When businesses migrate to the cloud, data and files can go missing, which gives hackers the perfect reason to target insiders and steal their credentials to go fishing for even more valuable information.

Data breach resources

There are numerous guides available on the internet on how to protect yourself against cyber attacks, and calculators so you can estimate the cost of a data breach in your own organization. We’ve summarized a few of the most useful resources here:

You can also always turn to Launchpointe where we offer useful advice, guides, and expert tips to businesses to help them grow, whether it’s about data breach prevention, payment security, or tech trends.

Looking for more information?

Fill out the form below and we'll connect with you.


Thanks for your interest!
We will be in touch soon.