The cost of a data breach

According to the 2018 Cost of Data Breach Study, the average cost of a data breach is $3.86 million (around £2.95 million), with an average cost per lost or stolen record of $148 (around £113).

But what factors contribute to this cost?

As well as having to pay hefty fines for suffering a breach, there are costs associated with reputational damage, customer loss and fall in stock price, not to mention the cost needed to recover from the incident and return to ‘business as usual’.

By looking at some of the best-known data breaches, we can observe the effects they can have and how much they really can cost.


The 2017 Equifax data breach resulted in significant loss, with at least 147.9 million people’s personal data being compromised. According to Equifax’s financial report for the first quarter of 2018, the breach had cost the organisation $242.7 million (£184.9 million), plus another £500,000 in fines from the UK ICO (Information Commissioner’s Office) in August 2018. Equifax also suffered an 18% drop in share prices following the breach.


In 2016, Uber suffered a data breach that affected 57 million customers and drivers. Uber initially paid $100,000 (around £76,500) to the hackers to try and cover up the breach, but disclosed it a year later, and now face a bill of $148 million (around £113 million) in settlement fees.


Yahoo’s 2014 data breach – one of the biggest data breaches on record – had a whopping 3 billion customer records stolen, after initially estimating that only 500 million customers had been affected. This breach resulted in Verizon reducing its offer to buy the company by $350 million (around £268 million).

Talk Talk

Back in 2015, Talk Talk suffered from a cyber attack at the hands of a 17-year-old who compromised more than 400 million accounts. This breach cost the company £60 million, and resulted in the loss of 101,000 customers.


Target’s 2013 data breach resulted in the theft of 40 million payment details and 70 million other customer records. The total cost of the breach was $252 million (around £193 million).

All of the breaches above occurred before the introduction of the EU’s GDPR (General Data Protection Regulation). With the GDPR now in effect, the penalties alone can stack up to €20 million (around £17.8 million) or 4% of global annual turnover, whichever is higher.

Are you prepared?

The more you prepare your organisation for a breach, the smaller its impact, should one occur. Our new, free #BreachReady quiz will let you know how prepared your organisation is, as well as giving you a personalised summary of how you can improve your breach readiness.

Take the quiz >>