IBM Security on Wednesday released its latest report examining the costs and impact associated with data breaches. The findings paint a grim portrait of what the clean up is like for companies whose data becomes exposed—particularly for larger corporations that suffer so-called “mega breaches,” a costly exposure involving potentially tens of millions of private records.

According to the IBM study, while the average cost of a data breach globally hovers just under $4 million—a 6.4 percent increase over the past year—costs associated with so-called mega breaches (an Equifax or Target, for example) can reach into the hundreds of millions of dollars. The average cost of a breach involving 1 million records is estimated at around $40 million, while those involving 50 million records or more can skyrocket up to $350 million in damages.

Of the 11 mega breaches examined by IBM, 10 were a result of criminal attacks.

The average amount of time that passes before a major company notices a data breach is pretty atrocious. According to IBM, mega breaches typically go unnoticed for roughly a year.

[…]

Other key findings of the study include:

  • The average time to identify a data breach is 197 days, and the average time to contain a data breach once identified is 69 days.
  • Companies that contained a breach in less than 30 days saved over $1 million compared to those that took more than 30 days ($3.09 million vs. $4.25 million average total).
  • Each lost or stolen record costs roughly $148 on average, but having an incident response team (surprising, not every company does) can reduce the cost per record by as much as $14.
  • The use of an AI platform for cybersecurity reduced the cost by $8 per lost or stolen record.
  • Companies that indicated a “rush to notify” had a higher cost by $5 per lost or stolen record.
  • U.S. companies experienced the highest average cost of a breach at $7.91 million, followed by firms the Middle East at $5.31 million.
  • Lowest total cost of a breach was $1.24 million in Brazil, followed by $1.77 million in India.

Source: ‘Mega’ Data Breaches Cost Companies a Staggering Fortune, IBM Study Finds