This is part of the findings by Verizon security analysts using a new assessment tool to measure the financial impact of a hacking attack.
The key takeaways came from the US-based firms' 2015 Data Breach Investigations Report (DBiR), which analysed over 2,100 confirmed data breaches and some 80,000 reported security incidents between 2014 and 2015.
"Verizon security analysts used a new assessment model for gauging the financial impact of a security breach based on the analysis of nearly 200 cyber liability insurance claims," Verizon said, in a statement today.
"The model predicts that cost of a breach involving 10 million records will fall between USD 2.1 million and USD 5.2 million (95 per cent of the time) and depending on circumstances, could range up to as much as USD 73.9 million," the report stated.
"For breaches with 100 million records, the cost will drop between USD 5 million and USD 15.6 million (95 per cent of the time) and could top out at USD 199 million."
The report indicated that, in general, mobile threats are overblown.
Verizon security researchers explained that the bulk (96 per cent) of the nearly 80,000 security incidents analysed this year can be traced to nine basic attack patterns that vary from industry to industry.
The threat patterns include miscellaneous errors such as sending an e-mail to the wrong person or crimeware (various malware aimed at gaining control of systems) or Web app attacks, cyber espionage, point-of-sale intrusions and payment card skimmers.