A new report released from the Ponemon Institute and IBM Security advised that data breaches are now costing organizations almost $4 million. The report, titled ‘The Annual Cost of a Data Breach’ presented an in-depth look at what the financial implications were for small, medium, and large businesses.
Over 3,000 people employed for 524 organizations that were impacted by data breaches between August 2019 and April 2020 were interviewed. These organizations were spread across multiple countries and industries. Some key findings included that in 80% of breaches, personally identifiable information was exposed, and the United States experienced the highest average cost per breach at $3.86 million. The most frequently targeted industry was healthcare.
Over 75% of the respondents also advised that they predicted that an organization’s data breach response methods will become more difficult as teleworking increases. Wendy Whitmore, the vice-president of IBM X-Force Threat Intelligence stated that “When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies,” and “At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems, and data. Security automation can help resolve this burden, not only enabling a faster breach response but a significantly more cost-efficient one as well.”
Some other report highlights included the following:
Based on the security posture of an organization, there was a large scale in the cost of breaches. Enterprise organizations not armed with full-fledged security saw losses beyond $6 million, whereas organizations with protection averaged losses around $2.45 million.
The most damaging of attacks were those sponsored by nation-states, averaging at $4.4 million in losses. The study stated that “While the average cost per lost or stolen record was $146 across all data breaches, those containing customer PII cost businesses $150 per compromised record. The cost per record of customer PII increased to $175 in breaches caused by a malicious attack,” as well as “Anonymized customer data was involved in 24% of breaches in the study, at an average cost of $143 per record, which increased to $171 per record in breaches caused by malicious attacks.”
The most popular attacks consisted of stolen or compromised credentials and third-party vulnerabilities. The study indicated that close to 20% of organizations impacted by a data breach claimed it originated from compromised credentials.
Over 50% of all breaches included in the report were due to malicious attacks, while system glitches and a human error accounted for some of the compromised data. Aside from stolen credentials, another common problem was misconfigured cloud servers, estimated to have cost companies almost $5 trillion alone this year. When breaches involved cloud misconfigurations, the average cost of the breach typically rose by over half a million dollars.
Nearly half the cost of breaches for most organizations was a result of lost business stemming from items like system downtime, customer turnover, and tainted reputations from publicity covering the breach.
While the United States ranked highest for the average cost of breaches, other countries showed different trends. Germany, Australia, and the Middle East were the most common targets for malicious attacks, whereas Canada, Brazil, and South Africa reported the lowest malicious attacks percentage. The highest number of data breaches caused by system glitches was in Canada.
No matter what the size of your business is, you must have proper full-fledged cybersecurity protection in place and be confident that your systems are properly configured. These tasks require a specialized skill set, which can be difficult or costly for many organizations to obtain. Our Managed Services prioritizes the right solutions for your unique business to ensure that IT infrastructure is protected, properly configured, and secure.
To learn more about how MBC can help protect your business from a data breach, get a free assessment today.