Far from running into millions, the average cost of a data breach is less than $200,000, or roughly what firms are spending on IT security systems, according to a study from non-profit think tank RAND.
The study, published in the Journal of Cybersecurity, challenges the much higher cost estimates provided by the Ponemon Institute. This year that research organization put the average cost of a breach at $4m.
RAND policy researcher Sasha Romanosky analyzed 12,000 events between 2004 and 2015 and found that the cost to each firm was on average less than $200,000. This figure is on a par with the 0.4 percent of revenues that firms in the study spent annually on IT security.