The annual cost of worldwide data breaches will surpass $5 trillion by 2024, with North American businesses absorbing the highest share, according to a newly published Juniper Research report.
Current yearly cost totals sit at $3 trillion, which means the jump to $5 trillion in five years represents an average annual growth of 11 percent.
The significant upswing “will primarily be driven by increasing fines for data breaches as regulation tightens, as well as a greater proportion of business lost as enterprises become more dependent on the digital realm,” Juniper explains in a company press release announcing the release of its report, titled “The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024.”
Other direct and indirect costs will include hardware replacement, staff additions, abnormal churn and company devaluations, Hampshire, U.K.-based Juniper Research states in its report.
“The EU General Data Protection Regulation is one major contributor to these projected increases,” suggested Tim Erlin, VP of product management and strategy at Tripwire. “Regulations drive improvements in security through fines, which directly impact the cost of a breach… The goal of regulatory fines is to force organizations to spend more on preventive measures by artificially tipping the scales to make breaches more expensive.”
“The fact is, the growth in the cost of data breaches doesn’t seem to have slowed the growth of digital business. Cybersecurity losses are a cost of doing business in the digital age.”
The report splits the world into eight geographic regions: North America, Latin America, Western Europe, Central and Eastern Europe, the Far East and China, the Indian Subcontinent, the rest of Asia Pacific, and Africa and the Middle East. North America leads all projected costs throughout the five-year forecast; however, its share is expected to slightly decline over time as other regions adopt stronger financial penalties.
Juniper’s forecast also anticipates that most breaches through 2024 will target small- and medium-sized enterprises with budgets that are insufficient to adequately defend against cyber threats.