RESEARCH TRIANGLE PARK – Just a day after Equifax reached a $700 million settlement for a massive data breach, IBM reports today that the cost of similar incidents at US companies has soared to more than $8 million “on average.”

That’s double the average in 2006.

And medium as well as small businesses are especially vulnerable, say IBM and the Ponemon Institute.

“In the study, companies with less than 500 employees suffered losses of more than $2.5 million on average – a potentially crippling amount for small businesses, which typically earn $50 million or less in annual revenue,” IBM says.

Companies also need time to recover from attacks, which often go undetected for months.

“This year’s report found that the average lifecycle of a breach was 279 days with companies taking 206 days to first identify a breach after it occurs and an additional 73 days to contain the breach,” IBM says.

A faster response can help save money, the study adds.

“However, companies in the study who were able to detect and contain a breach in less than 200 days spent $1.2 million less on the total cost of a breach.”

IBM Security’s annual study of costs associated with data breaches says worldwide the average is now nearly $4 million, up 12 percent over the past five years.

Costs associated with the breaches include the financial impact that can stretch over several years as well as the “complex process” of recovering from an incident and associated regulation.

IBM says its study for the first time calculates what it calls the “longtail financial impact” of data breaches and points out the fallout can be felt for years.

“While an average of 67% of data breach costs were realized within the first year after a breach, 22% accrued in the second year and another 11% accumulated more than two years after a breach,” IBM says.

“The longtail costs were higher in the second and third years for organizations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.”

Executives at more than 500 companies which had suffered a data breach over the past three years were interviewed for the report.

“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services, in a statement. “With organizations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line – and focus on how they can reduce these costs.”

Read more about the study online.