The cost of a data breach

According to Ponemon’s 2018 Cost of Data Breach Study, the average cost of a data breach is $3.86 million (around £2.95 million), with an average cost of $148 (around £113) per lost or stolen record.

But what factors contribute to this cost?

As well as hefty fines for suffering a breach, there are costs associated with reputational damage, customer loss and a fall in stock price, not to mention the resources needed to recover from the incident and return to ‘business as usual’. By looking at some of the best-known data breaches, we can observe the effects they can have and how much they really can cost.


The 2017 Equifax data breach saw at least 147.9 million people’s personal data compromised. According to Equifax’s financial report for the first quarter of 2018, the breach had cost the company $242.7 million (around £185 million), plus another £500,000 in fines from the UK’s ICO (Information Commissioner’s Office) in August 2018. Equifax also suffered an 18% drop in share price following the breach.


In 2016, Uber suffered a data breach that affected 57 million customers and drivers. Uber initially paid $100,000 (around £76,500) to the criminal hackers to try and cover up the breach, but disclosed it a year later. It now faces a bill of $148 million (around £113 million) in settlement fees.


In Yahoo’s 2014 data breach – one of the biggest data breaches on record – a whopping 3 billion customer records were stolen, significantly more than initial estimates that only 500 million customers had been affected. This breach resulted in Verizon reducing its offer to buy the company by $350 million (around £268 million).


Back in 2015, TalkTalk suffered a cyber attack at the hands of a 17-year-old who compromised more than 400 million accounts. This breach cost the company £60 million, and resulted in the loss of 101,000 customers.


Target’s 2013 data breach resulted in the theft of 40 million payment details and 70 million other customer records. The total cost of the breach was $252 million (around £193 million).

All of these breaches occurred before the EU’s GDPR (General Data Protection Regulation) was enforced. With the GDPR now in effect, the penalties alone can stack up to €20 million (around £17.5 million) or 4% of global annual turnover, whichever is higher.

Are you prepared?

The more you prepare your organisation for a breach, the smaller its impact, should one occur. Our free white paper ‘Cyber criminals never give up – nor should you!’ can help you check and improve your breach readiness. Download it here.

How Vigilant Software can help

Vigilant Software aims to make data protection, cyber security, information security and risk management straightforward and affordable for all. Drawing on our years of experience developing and deploying risk management tools and services, our product range reduces the complexity of your cyber security implementation project.

Our tools – Compliance Manager, the Data Flow Mapping Tool and vsRisk Cloud – make it easy for you to identify your legal requirements, understand the data you process and conduct information security risk assessments in line with international best practice.

Suitable for organisations of all sizes, vsRisk Cloud is a leading information security risk assessment tool that delivers fast, accurate, auditable and hassle-free risk assessments year after year. Fully aligned with ISO 27001, it significantly cuts the consultancy costs typically associated with information security risk assessments, and helps protect your organisation from the penalties and financial losses associated with data breaches.

The Data Flow Mapping Tool simplifies the process of creating data flow maps, giving you a thorough understanding of the personal data your organisation processes and why, where it is held and how it is transferred.

Avoid spending significant time and money researching relevant laws and regulations for your organisation with Compliance Manager. This software makes it easy to identify your legal and regulatory information security requirements.

Find out more about protecting your organisation from a data breach

Watch our short introductory videos: vsRisk Cloud, Data Flow Mapping Tool and Compliance Manager.

To request a demo of vsRisk Cloud, the Data Flow Mapping Tool and/or Compliance Manager, please click here.

