The oft-quoted (and sometimes derided) Ponemon study puts the average cost of a breach in the US at $8.19m. This study suggests a much higher figure for public companies…:
[…] The report, “Trends in Cybersecurity Breach Disclosures,” reviewed 639 cyber-security breaches at public companies since 2011 and found that the average cost of a cyber-breach to a publicly traded company was $116 million.
In 2019, according to the report, the information hackers most often obtained through data breaches was customer names, addresses, and e-mail addresses (48 percent, 29 percent, and 28 percent, respectively). This was a change from 2018, when names and credit card information topped the list of information most compromised.
Further, the report says, the most common methods hackers successfully used to obtain company data from 2011 to 2019 were malware (34 percent), phishing (25 percent), unauthorized access (20 percent), and misconfiguration (12 percent). A significant 43 percent of firms that experienced a data breach, however, did not disclose the type of attack.
Besides enforcement penalties, the Audit Analytics report said the two elements that have the most significant financial impact of a breach to a company are remediation costs and hits to stock market values.