top of page

Average Cost of Data Breach Grows to $4M Globally, $7M in the U.S.

IBM and the Ponemon Institute recently published the latest results of their global study measuring the financial impact of data breaches to the victim companies. While the global average increased to $4 million, up from $3.8 million last year, organizations in the United States, Germany and Canada incur $5 million or more in losses per data breach on average, while certain industries, like healthcare and financial services, tend to have a higher cost per compromised record.

The average cost of a data breach has risen 29 percent since 2013 globally, now at $4 million. This is based on a survey of nearly 400 data breaches that occurred worldwide, including 88 in the U.S. and Canada. Of all nations, the United States had the highest average cost per data breach at $7.01 million. Germany and Canada had the next highest average cost at about $5 million each.

India had the highest number of records compromised in data breaches according to survey, but also had the lowest average cost per data breach at $1.6 million. The Arabian region and United States had the next highest number of records compromised.

While there is quite a bit of variation in the average total costs of data breaches across different countries and regions, the industry of the organization that suffered the data breach may be a more meaningful factor. The average cost per record compromised ranges from $80 per record in the public sector to $355 per record for healthcare data breaches. The financial services industry also has a higher data breach cost at $221 per record, while the retail sector reported an average cost of $172 per record, a little higher than the overall average of $158 per compromised record. Transportation, media and hospitality are some of the industries where the average cost per breached record is below the overall mean of $158.

The survey also found that organizations in the United States incur the highest cost per record for data breach notifications ($0.59 each) and in post-data breach response costs ($1.72 per victim), with Germany having the second highest costs for each of these. South Africa has one of the lowest per breach victim expenditure requirements in terms of notification costs ($0.04) and post breach responses costs ($0.52).

For more information:


bottom of page