RESEARCH TRIANGLE PARK – Think providing cutting-edge or at least adequate network security is too expensive? Think again.
If your company suffers a data breach, it’s going to cost millions to repair the damage. With hackers and ransomware theives running amok these days, a new report from IBM is timely, indeed.
IBM says a breach costs on average $4.24 million, based on information provided by companies for the study. That’s 10% higher from the previous annual report.
And the COVID-19 pandemic gets part of the blame.
“Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organizations moving further into cloud-based activities during the pandemic,” IBM says. “The new findings released today suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.”
Here are some of the highlights from the Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analyzed by IBM Security,:
- Remote work impact: The rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches. Breaches cost over $1 million more on average when remote work was indicated as a factor in the event, compared to those in this group without this factor ($4.96 vs. $3.89 million.)2
- Healthcare breach costs surged: Industries that faced huge operational changes during the pandemic (healthcare, retail, hospitality, and consumer manufacturing/distribution) also experienced a substantial increase in data breach costs year over year. Healthcare breaches cost the most by far, at $9.23 million per incident – a $2 million increase over the previous year.
- Compromised credentials led to compromised data: Stolen user credentials were the most common root cause of breaches in the study. At the same time, customer personal data (such as name, email, password) was the most common type of information exposed in data breaches – with 44% of breaches including this type of data. The combination of these factors could cause a spiral effect, with breaches of username/passwords providing attackers with leverage for additional future data breaches.
- Modern approaches reduced costs: The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools. For cloud-based data breaches studied, organizations that had implemented a hybrid cloud approach had lower data breach costs ($3.61m) than those who had a primarily public cloud ($4.80m) or primarily private cloud approach ($4.55m).
“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” explained Chris McCurdy, Vice President and General Manager of IBM Security. “While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach – which may pay off in reducing the cost of these incidents further down the line.”
To download a copy of the report, visit: ibm.com/databreach