IBM Security

IBM Security: Data Breaches From Stolen Employee Accounts Most Common and Most Costly

The business cost of data breaches due to stolen or compromised employee credentials is a growing risk, with an average price tag of $4.77 million per data security breach.

That’s $1 million more than the average cost of a data breach, according to a new IBM study, Cost of a Data Breach Report. The annual study is based on in-depth interviews with more than 3,200 security professionals at more than 500 global firms that experienced data breaches over the past year.

Whether from malicious actors, human error, or malfunctions in a system, company data breaches remain a serious and growing concern across the globe, with more than 8.5 billion records breached in 2019—and attackers using previously exposed emails and passwords in one out of five breaches studied in this year’s report.

In addition to offering detailed statistics on how breaches occurred and what they cost last year, the study—sponsored by IBM Security and carried out by the Ponemon Institute—also offers recommendations on how to improve security measures and reduce potential damages.

The costs associated with data breaches are vast, including lost revenue, business disruption and brand damage. But they can be mitigated through the right security planning and investments, particularly through the use of automated security systems. The survey found that afflicted companies that had such systems in place sustained damage of $2.45 million per incident. That was much lower than the average cost of breaches—$6.03 million—for organizations that had not deployed any security automation technology.

State-sponsored attacks, though a small part of the overall threat picture – 13% of the total – were also found to be the most costly compared to other types of attackers.

Other key findings from the survey:

•  Seventy percent of companies that shifted to remote work during the COVID-19 pandemic expect it to lead to higher data breach costs.
•  Breaches that exposed more than 50 million records cost an average of $392 million, up from $388 million during the previous year.
•  While the U.S. still had the highest data breach costs in the world, at $8.64 million on average, Scandinavia experienced the biggest year-over-year increase, rising 13%.
•  Healthcare still saw the highest average breach costs at $7.13 million — a more than 10% increase compared to the 2019 study.

  To download a copy of the report, please visit

→ Sign up for the 2020 Cost of a Data Breach Report webinar on Wednesday, Aug. 12, 2020, at 11 a.m. ET here: