IBM announced results of a global study that found data breaches now cost surveyed companies $4.24 million per incident on average – the highest cost in the 17-year history of the report.
Based on in-depth analysis of real-world data breaches experienced by more than 500 organizations, the study suggests security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10 percent compared to the prior year.
Businesses were forced to adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60 percent of organizations moving further into cloud-based activities during the pandemic. The findings suggest that security may have lagged behind these rapid IT changes, hindering organizations’ ability to respond to data breaches.
The annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analyzed by IBM Security, identified thedr trends among the organizations studied:
- Remote work impact – The rapid shift to remote operations during the pandemic appears to have led to more expensive data breaches. Breaches cost more than $1 million more on average when remote work was indicated as a factor, compared to those in the group without this factor
- Health care breach costs surged – Industries that faced huge operational changes during the pandemic (health care, retail, hospitality, and consumer manufacturing/distribution) also experienced a substantial increase in data breach costs year over year. Health care breaches cost the most by far, at $9.23 million per incident – a $2 million increase over the previous year.
- Compromised credentials led to compromised data – Stolen user credentials were the most common root cause of breaches in the study. At the same time, customer personal data (such as name, email, password) was the most common type of information exposed in data breaches – with 44 percent of breaches including this type of data. The combination of these factors could cause a spiral effect, with breaches of username/passwords providing attackers with leverage for additional future data breaches.
- Modern approaches reduced costs – The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those that did not have significant usage of these tools. For cloud-based data breaches studied, organizations that had implemented a hybrid cloud approach had lower data breach costs ($3.61 million) than those who had a primarily public cloud ($4.80 million) or primarily private cloud approach ($4.55 million).
To download a copy of the 2021 Cost of a Data Breach Report, visit: ibm.com/databreach
Sign up for the 2021 Cost of a Data Breach Report webinar at 11 a.m., August 18, here here: ibm.biz/CODBwebinar