Spurred by Remote Work, Average Data Breach Cost Surges to $4.24 Million

Hilary Tuttle


October 1, 2021

A person's hands typing on a laptop keyboard with an overlay of brightly colored locks and binary code.

Over the past year, the average total cost of a data breach surged to $4.24 million, a record in the 17-year history of IBM Security’s annual Cost of a Data Breach Report. Remote work was a driving force behind these rising costs. According to IBM, “Security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year.” Almost 20% of companies reported that remote work was a key factor in causing their data breach event, and these breaches cost an average of over $1 million more than those unrelated to remote work ($4.96 million versus $3.89 million).

Organizations with more than 50% of employees working remotely also took 58 days longer to identify and contain breaches. Encompassing “increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation,” lost business accounted for the largest share of data breach costs at 38%, and an average total of $1.59 million. The financial toll of incidents continues to vary widely by region—breaches were most expensive in the United States, at an average $9.05 million per incident, followed by the Middle East at $6.93 million and Canada at $5.4 million.

Hilary Tuttle is managing editor of Risk Management.