The average cost of a business data breach today is just over $15 million, according to a new analysis from Black Kite, a third-party risk intelligence platform.
Black Kite’s report, “The Cost of a Data Breach: A New Perspective,” examined the financial impact of 2,400 cyber incidents between 2017 and 2022 and found that of the 1,700 companies with a digital presence that could still be monitored, the average data breach cost was $15.01 million.
Here are a few other key findings from the report:
- Including outliers, the average cost of a data breach is $75 million, but it drops to $15 with outliers removed.
- Conti, a ransomware the U.S. government believes to be linked to Russia, is the most financially devastating threat actor. Its 10 attacks averaged a cost of about $85 million.
- About 80% of the 1,700 breached companies included in the analysis remain highly susceptible to phishing attempts.
- Finance and insurance had the highest number of incidents (445), with an average cost of about $35 million.
“Few businesses understand the true cost of a single data breach. Aside from reputational damage and irreparable disruption to business operations, the financial impact can be lethal,” Bob Maley, CSO of Black Kite, said in a news release.
The global cost of cybercrime is expected to hit $10 trillion in the next three years — up $7 trillion from 2015 — yet breaches continue apace.
“There are dozens of breaches that have occurred within the last 12 months that have not yet been publicly reported,” Jeffrey Wheatman, senior vice president at Black Kite, said in the news release. “Open-Source Intelligence resources provide predictive visibility into this data, allowing leaders to take a proactive approach.”
