According to a new study from IBM Security and the Ponemon Institute, the cost of a data breach for healthcare organizations continues to rise, from $380 per record last year to $408 per record this year. 

For the eighth year in a row, healthcare organizations had the highest costs associated with data breaches. The next highest industry was financial services with an average of $206 per lost or stolen record - half of what it cost the healthcare industry. The cost for healthcare organizations is also nearly three times higher than the cross-industry average of $148 per lost or stolen record.

The study found that the average cost of a data breach across industries and countries is $3.86 million, a 6.4 percent increase from 2017 and a nearly 10 percent net increase over the past five years.

Photo by rawpixel on Unsplash

The 2018 Cost of a Data Breach Study is based on a survey of more than 2,200 IT, data protection and compliance professionals from 477 companies in 15 countries.

The study also compared the cost of data breaches in different regions, finding that data breaches are the costliest in the U.S. and the Middle East, and least costly in Brazil and India. U.S. companies experienced the highest average cost of a breach at $7.91 million.

According to the report, breach costs in healthcare are high not just because of superficial network and system damage or data theft. Instead, the main cause is a loss of reputation that leads to a lack of information, strained relationships with other businesses, education and a loss of customers. One of the biggest reasons is lost time, when employees are doing damage control after a breach.

The type of breach also affects costs, with cyberattacks and malicious insiders costing about $157 per record across all industries. System glitches cost about $131 per record to resolve, and human errors cost $128 on average.

The study examined factors that increase or decrease the cost of a breach, finding that costs are heavily impacted by the amount of time spent containing a data breach, as well as investments in technologies that speed response time. 

The average time to identify a data breach in the study was 197 days, and the average time to contain a data breach once identified was 69 days. 

Companies that contained a breach in less than 30 days saved over $1 million compared to those that took more than 30 days.

The report also examined the effect of security automation tools which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach. The analysis found that organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach.

“The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs,” said Whitmore. “Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”


Breadcrumb is a cybersecurity and executive advisory firm. Located in Central California, we partner with organizations throughout the US, protecting their critical assets from cyber breach. Contact us today for a no-obligation consultation.