Skip to main content

Woburn, MA – May 24, 2018 – New research from the Kaspersky Lab 2018 B2B Survey shows that the average cost of experiencing a data breach globally is on the rise – with breaches now amounting to $1.23M on average for enterprises (up 24% from $992K in 2017) and $120K on average for SMBs (up 36% from $88K in 2017).

The annual Kaspersky Lab Corporate IT Security Risks survey is a global survey of IT business decision makers, which this year had a total of 6,614 respondents from 29 countries. The 2018 report, “On the Money: Growing IT Security Budgets to Protect Digital Transformation Initiatives” builds upon data from previous years to identify how businesses are adjusting IT security spending to respond to the changing cyberthreat landscape and the financial impact of cyberattacks when they occur.

In North America, the average cost of a data breach for an enterprise has reached $1.6M (up 23% or $300K from $1.3M in 2017) on average. Additionally, North America is the most expensive location for an SMB to suffer a data breach compared to all seven regions in the study. SMBs in the U.S. and Canada have the highest recovery cost, at $149K on average (up 27% or $32,000 from $117K in 2017). 

As the aftermath of a data breach continues to increase, it’s important to understand what types of cybersecurity incidents are occurring that result in a hefty bill, to proactively protect against these threats.

The top most costly incidents 
According to the report, safeguarding data in the cloud is continuing to present new challenges for businesses, with the most expensive cybersecurity incidents over the past year related to cloud environments and data protection. For SMBs, the most expensive cybersecurity incidents globally were related to IT infrastructure hosted by a third-party, which cost $179K on average. For enterprises globally, the expense was related to targeted attacks, costing $1.64M on average. 

For enterprises and SMBs in North America, the top expense is the same, according to the data – with both paying the most for incidents affecting IT infrastructure hosted by a third party at $163K for SMBs and $1.75M for enterprises on average.


Budgeting for IT security: More of a priority
With the cost of IT incidents on the rise, businesses are realizing that they have to prioritize cybersecurity spending if digital transformation projects are to run smoothly and securely. The portion of IT budgets spent on security has increased in North America over the past year among enterprises, up nine percentage points to 28 percent of the total IT budget and for SMBs, who are up six percentage points at 25 percent. According to the report, enterprises in North America are above the global average for their budgets.

On a global scale, enterprises and SMBs are showing growth in prioritizing IT security spending with a three percentage point rise in 2018. Enterprise companies globally are allocating up to $8.9M on average – or 26 percent – of their IT budgets to cybersecurity, redefining the strategic role of corporate data protection. For SMBs globally, this equates to $246K, or 23 percent of the overall IT budget.  

Motivations for investing in IT security
Investments in IT security can be for a variety of reasons, but the key driver behind additional investment in IT security is the increased complexity of IT infrastructure, as businesses increasingly adopt cloud platforms. 

The research found that the top three motivations for investing in IT security are increased complexity of IT infrastructure (34%), to improve the level of specialist security expertise (34%) and top management wanting to improve defenses (29%). In North America, the top three reasons remained the same.


The combination of these factors shows how businesses are feeling the impact of IT security and illustrates the scale of the challenges they are facing, as they battle to stay secure among digital transformations, new regulations and an evolving cyberthreat landscape.

“To support dynamic business changes and increase efficiency, companies are embracing cloud and business mobility,” said Maxim Frolov, vice president of global sales at Kaspersky Lab. “Cybersecurity has become not just a line item in IT bills, but a boardroom issue and a business priority for companies of all sizes, as evidenced by companies raising their IT security budgets. Businesses expect a strong payoff as the stakes continue to get higher: besides traditional cybersecurity risks, many companies now have to deal with growing regulatory pressures, for example.”

To gain deeper insights into businesses perceptions of IT security spending, including regional breakdowns, please download the full report here. 

To stay ahead of cyberthreats impacting digital transformation, learn more about our next generation cybersecurity portfolio at the official website.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 20 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at

Kaspersky Lab Media Contact: 
Denise Berard 

Kaspersky Lab Report: The Cost of a Data Breach Continues to Grow Worldwide

Kaspersky Lab study finds global data breach costs jumping up more than a fifth for both enterprises and SMBs
Kaspersky Logo