Average cost of data breach still rising, says IBM study
Average cost of data breach still rising, says IBM study
According to IBM's 17th Annual Global Study of the Organization's Cost of a Security Incident, the average cost of a data breach continues to climb.
The report released Wednesday said that for the 537 breaches that occurred during the 12-month period ending in March, participants estimated that the data breaches cost their companies an average of $4.24 million per incident (all figures in US dollars). ) Is. has spent. This is the highest cost in the history of the survey.
The report's authors, the Ponemon Institute, also say that proof security incidents became more expensive and difficult as the COVID-19 pandemic forced employees of many organizations to work from home. Many were not using secure corporate computers, nor were they protected by corporate cybersecurity protections.
The report noted that while remote working was a factor in the data breach, the breaches cost an average of more than $1 million, where remote working was not a factor.
The survey included about 3,500 interviews, and looked at data from 17 countries and territories and 17 different industries. Participants estimated their direct costs.
Canada Results
Among the 26 Canadian organizations studied, the average cost was $5.35 million. This was slightly up from the 2020 study. The average number of records exposed in this group was 24,400.
“While it should come as no surprise that the cost of data breaches has hit an all-time high during the pandemic, it should be a clear reminder for businesses to keep security at bay as they accelerate their digital transformation. Don't let it come back ,” Ray Boisvert, IBM Canada's associate partner for security strategy, said in a statement.
“For Canadian financial and technology companies, in particular, which are digitizing faster than others in the country and paying more per lost or stolen record, investments in data security, AI and encryption should be taken into account in the cloud. should be kept in mind. Migration must go along with it."
Detecting and escalating an incident in data breach costs (such as forensic analysis, crisis management and audit services), notifying regulators and victims, post-breach response (help desk costs, credit monitoring for victims), and lost business has been included.
Other findings from the 26 Canadian data breaches studied included:
The cost of financial industry breaches is the highest ever, $383 per lost or stolen record;
Stolen user credentials were the most common method used by attackers globally as an entry point (20 percent of breaches) and for Canadian organizations;
The use of AI, encryption and employee training were the top three mitigation factors shown to reduce breach costs globally and in Canada. The report estimates that Canadian firms using these three strategies saved about $1.2 million compared to those not making significant use of these tools;
While the average time to detect a data breach in Canada increased from 168 to 164 days last year, the average time to prevent a data breach slowed from 58 to 60 days. The global average among the firms studied for detecting and engaging in a data breach was 287 days (212 for detection, 75 for inclusion).
mitigating factors
Globally, the organizations studied also found incident response teams and plans had lower data breach costs than those that did not. Companies with an incident response team whose incident response plan was tested had an average breach cost of $3.25 million, while those that had neither in place had an average cost of $5.71 million.
Another interesting nugget was the effect of zero-trust security strategies among the firms studied. Broadly speaking, zero trust requires the security configuration and currency to be authenticated, authorized, and consistently validated before all users can be granted access to applications and data. Of the global cohort studied, only 35 percent had implemented a zero-trust security approach. However, the mature phase of their zero trust deployment had an average infringement cost that was $1.76 million less than that of organizations with zero trust.
No comments