Cost of a Data Breach Report2019

Executive summary

IBM Security and Ponemon Institute are pleased to release the 2019 Cost of a Data Breach Report1. Based on in-depth interviews with more than 500 companies around the world who have experienced a data breach between July 2018 and April 2019, the analysis in this research study takes into account hundreds of cost factors, from legal, regulatory and technical activities, to loss of brand equity, customer turnover, and the drain on employee productivity.

Now in the 14th year of the Cost of a Data Breach Report, we included historical data showing trends for a range of metrics over a period of several years. The research continues to evolve, with consideration for the changing nature of information technology, data regulation, and security tools and processes. Above all, this report shows IT professionals, business leaders, researchers and the broader security community that, although the consequences of data breaches are severe, there are concrete ways organizations can mitigate costs and potentially improve their overall security posture.

Place Holder, here are the cost of a data breach highlights
Global Averages
Average total cost of a data breach
Average size of a data breach
25,575 records
Cost per lost record
Time to identify and contain a breach
279 days
Highest country average cost of $8.19 million
United States
Highest industry average cost of $6.45 million

What's New in 2019

This year’s Cost of a Data Breach Report explores several new avenues for understanding the causes and consequences of data breaches. For the first time, this year’s report details the “long tail” of a data breach, demonstrating that the costs of a data breach can be felt for years after the incident. The report also examines new organizational and security characteristics that can impact the cost of a data breach, including: the complexity of security environments; operational technology (OT) environments; extensive testing of incident response plans; and the process of closely coordinating development, security, and IT operations functions (DevSecOps).

Continuing to build on previous research, the 2019 report examines trends in the root causes of data breaches and the length of time to identify and contain breaches (the breach lifecycle), plus the relationship of those factors to the overall cost of a data breach. Following the 2018 report’s initial examination of “mega breaches” of greater than 1 million lost or stolen records, we continue this research with comparative data for 2019. And for the second year, we examined the cost impacts of security automation, and the state of security automation within different industries and regions.

Key findings2