The cost of a data breach for enterprises in North America increased this year, according to a new report from Kaspersky Lab and B2B International, released Tuesday. The total impact of a data breach now amounts to $1.3 million for large companies–up from $1.2 million in 2016, the report found. Breaches cost an average of $117,000 per incident for small- and medium-sized businesses (SMBs), the report also noted.

After surveying more than 5,000 businesses across 30 countries, Kaspersky Lab found that businesses are beginning to view IT security as a strategic investment, and are increasing security budgets in response. All companies spent 18% of their budget on IT security this year, compared to 16% last year, and this pattern was consistent across both large and small organizations. This year’s increases were driven by the growing complexity of IT infrastructure, the report noted.

Though IT security is receiving a larger portion of the budget, overall budgets are shrinking, the report found. The average IT security budget for enterprises worldwide dropped from $25.5 million in 2016 to just $13.7 million this year–a major concern for businesses, as security breaches are getting more expensive to recover from.

SEE: Information security incident reporting policy (Tech Pro Research)

When a data breach occurs in North America, the top financial losses for enterprises stem from additional staff wages needed ($207,000), while for SMBs, it is from loss of business ($21,000) and employing external professionals ($21,000).

The most costly cybersecurity threats to enterprises are the physical loss of devices or media containing data, the report found. For SMBs, the most costly threats are targeted attacks. It’s key for businesses to recognize these risks and implement proper security measures to mitigate them, the report noted.

”While cybersecurity incidents involving third parties prove to be harmful to businesses of all sizes, their financial impact on a company has the potential to result in twice as much damage,” said Alessio Aceti, head of the enterprise business division at Kaspersky Lab, in a press release. “This is because of a wider global challenge – with threats moving fast, but businesses and legislation changing slowly. When regulations like GDPR become enforceable and catch up with businesses before they manage to update their policies, the fines for non-compliance will further add to the bill.”

Kaspersky Lab also recently released its Kaspersky IT Security Calculator, a free guide to the cost of IT security based on the average budgets being spent (by region, industry and company size), security measures, major threat vectors, and money losses.

Want to use this data in your next business presentation? Feel free to copy and paste these top takeaways into your next slideshow.

  • The average cost of a data breach for enterprise organizations in North America is $1.3 million, and $117,000 for SMBs. -Kaspersky Lab, 2017
  • Companies spent 18% of their budget on IT security in 2017, compared to 16% in 2016. -Kaspersky Lab, 2017
  • The average IT security budget for enterprises globally dropped from $25.5 million in 2016 to $13.7 million in 2017. -Kaspersky Lab, 2017