Data breach costs surge to record high in 2021

The world lit up with red nodes
(Image credit: Shutterstock)

The average cost of a data breach has risen to $4.24 million (roughly £3.03 million) per incident globally thanks to technological shifts such as increased remote working and the adoption of cloud technologies.

This is the highest amount in the 17-year history of IBM’s annual data breach costs report, with the average cost of an incident in the UK rising by 8% to £3.36 million. The average cost for each individual record was £131, meanwhile, with the records in the services sector proving the most lucrative, at £191 per record.

A rapid shift to remote working is among the factors fuelling the rise in data breach costs, with incidents costing on average $4.96 million (£3.57 million) when remote working was a factor versus $3.89 million (£2.8 million) otherwise.

Roughly 60% of businesses were forced to move further into cloud-based activities during the pandemic too, with these changes feeding into an overall 10% rise in the cost of data breaches to $4.24 million (£3.05 million).

“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” said vice president and general manager at IBM Security, Chris McCurdy.

“While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach – which may pay off in reducing the cost of these incidents further down the line.”

Stolen user credentials were the most common cause of breaches in the study, with customer personal data the most common type of information exposed. What’s more, this combination of factors could cause a spiral effect, with breaches of login details providing attackers with the capabilities to launch additional attacks.

In terms of mitigation factors, meanwhile, the study showed that the adoption of AI, security analytics and encryption were among the biggest three mitigating factors that reduced the average cost of a breach. These three would save companies between $1.25 million (£900,000) and $1.49 million (£1.07 million) compared to those which didn’t have significant usage of these tools.

For cloud-based data breaches, organisations with a hybrid cloud approach had lower data breach costs of $3.61 million (£2.6 million). This is against a cost of $4.8 million (£3.46 million) for those with primarily a public cloud setup and $4.55 for businesses with a primarily private cloud approach.


The Total Economic Impact™ of IBM Spectrum Virtualize

Cost savings and business benefits enabled by storage built with IBMSpectrum Virtualize


As IBM’s Chris McCurdy alluded to, organsations that have adopted a zero-trust security model reported being better positioned to handle data breaches. This is because the approach operates on the assumption that user identities on the network itself may already be compromised, and relies on AI and analytics to continuously validate connections between users, data and resources.

Although the cost of a data breach in the UK was above the global average, it was far from the region with the highest costs, with the most expensive breaches in the US, with $9.05 million (£6.52 million) per incident. This was followed by the Middle East, at $6.93 million (£4.99 million) per incident, and Canada, at $5.4 million (£3.89 million) per breach.

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.