Insights from IBM’s Data Breach Report
Cybersecurity is a crucial component of technology to which all IT leaders should pay close attention. Cyberattacks are ever-evolving and costly for victimized organizations. Understanding the cybersecurity landscape and its most prominent threats is crucial for building a solid prevention and mitigation strategy.
IBM Security released its 15th annual Cost of a Data Breach report in 2020, analyzing over 500 breaches between August 2019 and April 2020. They examined organizations of all sizes from around the world.
Today, we’ll share some of the biggest takeaways that IT leaders can get from the report.
New in the 2020 Report
The 2020 report started gathering data before COVID-19 began, but the team made sure to inquire about the impact of remote workforces. Over 75 percent of organizations expected remote work to make it more challenging to handle a data breach.
Overall, the report dives further into some of the core components of data breaches. New for this year, the report also asked participants to identify the presumed threat actor for the breach.
The Average Cost of a Data Breach
One of the most prominent findings from the report was the average cost of a data breach. IBM found that the average total cost declined by about -1.5% since the previous year. On the surface, this seems like good news. However, upon diving deeper, the researchers found that the costs increased for many organizations. According to the report, costs were “much higher for organizations that lagged in areas such as security automation and incident response processes” (8).
Data breaches cost companies in many ways. When organizations face a data breach, they must resolve the attack, mitigate data loss, and rebuild more robust security measures. Often, this leads to temporary closures. Lost business is the most significant contributing factor to the cost of a data breach. The lost business accounted for 40 percent of the average total cost of a data breach (10)—this forces organizations to reckon with customer turnover, lost revenue, and a damaged reputation.
Security Automation
Security automation proved vital for controlling data breach costs. The importance of security automation has grown significantly over the last three years. Businesses with “fully deployed security automation, defined as the use of artificial intelligence platforms and automated breach orchestration, grew from just 15 percent in 2018 to 21 percent in the 2020 study” (10).
The businesses with deployed security automation saw an average cost of a data breach that was just half of the cost for businesses without a deployed security automation.
Type of Information Compromised
According to the report, the most commonly compromised data type was customers’ personally identifiable information (PPI). it was also the costliest type of data breach, costing an average of $150 per record.
Following PPI, the next most common type of data compromised was intellectual property (32 percent), anonymous customer data (24 percent), other corporate data (23 percent), and employee PPI (21 percent).
For organizations, this indicates an urgent need to protect customers’ data. Cyber attackers seek out this kind of information, and it can harm your organization monetarily and in terms of reputation. Protecting the personal information of customers and clients is paramount for solid cybersecurity.
Causes of Data Breaches
Data from the report included the COVID-19 pandemic. During the pandemic, remote work became more common than ever. Experts expected remote work to increase the chances, response time, and cost of data breaches. The report found that having a remote workforce increased the average total cost of a data breach by $137,000 (9). This finding further indicates the importance of having a detailed cybersecurity strategy that addresses remote work concerns.
Additionally, the report discovered that the most expensive cause of malicious data breaches was stolen or compromised credentials. Nineteen percent of companies experienced a malicious data breach due to stolen or compromised credentials (9). Securing credentials is a simple yet very effective way to prevent data breaches. Organizations must educate employees on protecting their credentials and create cybersecurity protocols that address this issue.
Another major cause of data breaches was misconfigured clouds. Cloud misconfigurations led to 19 percent of malicious attacks. As organizations transition to cloud systems, they must ensure they take the proper precautions.
Data Breach Cost Saver
Preparation matters big time when it comes to dealing with data breaches. The report found that incident response preparedness brought down the total average cost by -$2 million and that it was the most significant cost-saver for businesses (12). Organizations that developed incident response preparedness tested their plans using simulations. This finding demonstrates the importance of not only preventing cyber attacks but also preparing to address them.
The report is filled with even more helpful information about cybersecurity and data breaches that organizations should learn from. To read the entire report, click here.