A global survey by IBM Security on the financial impact of data breaches on organizations revealed that security incidents cost companies $3.86 million per breach on average. The survey, “Cost of a Data Breach Report 2020,” stated that around 80% of security incidents resulted in the exposure of customers’ personally identifiable information (PII), which in turn led to huge losses for businesses. The survey found that organizations in the U.S. continue to suffer the highest data breach costs in the world, at $8.64 million on average. This is followed by health care providers, with an average breach cost of $7.13 million.
Cost of Data Leaks and Misconfigured Clouds
The survey highlights the financial losses that organizations suffer when employees’ sensitive data is compromised. Stolen or compromised employee credentials and cloud misconfigurations were the most common causes of a malicious breach, representing nearly 40% of malicious incidents reported in 2019. Over 8.5 billion records were exposed in 2019, and threat actors used previously exposed emails and passwords in one out of five data breaches.
Attackers used cloud misconfigurations to breach networks nearly 20% of the time, increasing breach costs by more than half a million dollars to $4.41 million on average – making it the third most expensive initial infection vector.
AI and Automation Reduce Costs
The survey revealed a cost-saving difference of $3.58 million for studied companies with fully deployed security automation versus those that have yet to deploy advanced technology, with a cost gap of $2 million, up from $1.55 million in 2018. The survey found that artificial intelligence (AI), machine learning, analytics, and other forms of security automation enabled companies to respond to breaches over 27% faster on average than companies that have yet to deploy security automation. On average, companies with no automation take 74 additional days to identify and contain a breach.
Other key findings include:
- 70% of companies that adopted telework amid the pandemic expect it will exacerbate data breach costs
- 46% of respondents said the CISO/CSO is ultimately held responsible for the breach, despite only 27% stating the CISO/CSO is the security policy and technology decision-maker. The report found that appointing a CISO was associated with $145,000 cost savings versus the average cost of a breach
- Breaches at organizations with cyber insurance cost on average nearly $200,000 less than the global average of $3.86 million. In fact, of the organizations that used their cyber insurance, 51% applied it to cover third-party consulting fees and legal services, while 36% used it for victim restitution costs. Only 10% used claims to cover the cost of ransomware or extortion
- In incidents where attackers accessed corporate networks using stolen or compromised credentials, studied businesses saw nearly $1 million higher data breach costs compared to the global average – reaching $4.77 million per data breach. Exploiting third-party vulnerabilities was the second costliest root cause of malicious breaches ($4.5 million) for this group
Wendi Whitmore, Vice President, IBM X-Force Threat Intelligence, said, “When it comes to businesses’ ability to mitigate the impact of a data breach, we are beginning to see a clear advantage held by companies that have invested in automated technologies. At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems, and data. Security automation can help resolve this burden, not only supporting a faster breach response but a more cost-efficient one as well.”