Influenced by the pandemic, data breach costs hit a record high, IBM report shows

The average cost of a data breach is the highest in 17 years, claims a report by IBM Security. An analysis of over 500 breaches organizations experienced in the last 12 months shows that remote working made a dire situation worse.

Recent months were awash with high-profile attacks on entities such as network management company SolarWinds, the Colonial Pipeline company, meat processing company JBS and software firm Kaseya. These, however, are far from the only companies to have suffered from data breaches.

The IBM report shows that an average data breach costs victims $4.24 million per incident, the highest in 17 years. By comparison, last year the average cost stood at $3.86 million per incident, putting recent results at a 10% increase.

Global differences

Not all regions of the world were affected the same. The average cost of a data breach in the US was $9.05 million, more than double that of the global average. According to the report, the Middle East experienced the second-highest cost with $6.93 million per incident, followed by Canada with $5.40 million per data breach.

According to the report, Latin America saw the highest increase in the average cost of an incident with 52.4% growth, followed by South Africa with a 50% increase. However, both regions experienced less than the average cost of a breach with $2.56 million and $3.21 million, respectively.

The report shows that the cost of an incident rose by 30% in Australia, 20% in Canada, 19.7% in the UK, and 14% in France. Excluding Australia, all of the countries mentioned registered costs higher than $4 million per incident.

Compromised credentials

The report shows that compromised credentials were the most frequent attack vector, causing 20% of all breaches. Researchers indicated various phishing schemes caused 17% of all data breaches, with cloud misconfiguration causing 15% of incidents.

The costliest attack vector, however, was a business email compromise. Even though such attacks made up only 4% of the total attacks, on average, they cost $5.01 million. For comparison, a breach due to cloud misconfiguration on average costs $3.86 million. 

On average, it took 212 days to identify and 75 days to contain a data breach, or 287 days in total. It turns out that attacks caused by compromised credentials were the hardest to identify, taking 341 days from start to finish.

Business email compromises took 317 days to resolve, making the attack vector extremely dangerous due to the high average cost per incident.

Speed over quality

With millions of workers forced to work from home due to the pandemic, organizations were forced to quickly adopt cloud solutions, allowing them to manage daily activities remotely.

Unsurprisingly, the report shows that the rapid transition to the cloud has left some serious security risks. Unmitigated transition problems caused breached companies to experience costs up to $750,000 higher than the global average. 

According to the IBM Security report, public-cloud users took on the highest average cost of a breach with $4.8 million per incident. Breaches that occurred in the private cloud on average cost $4.55 million. In comparison, hybrid cloud users paid the least, with an average cost of $3.61 million. 

It’s worth noting, however, that IBM aims to be the leader of hybrid cloud-based solutions.

The report shows that companies in the later stages of cloud adoption fared better than early entries. On average, organizations in a mature stage of modernization found breaches 38 days sooner and resolved them 39 days faster than early-stage adopters. 

Remote working in danger?

According to the report, remote working has impacted the results. The average cost of a data breach was $1.07 million higher in breaches where remote working was among the factors that caused the breach. 

Organizations that were breached during a period where over 80% of the employees worked remotely endured significantly higher costs of $5.54 million per incident, or $1.30 million higher than the average.

Moreover, the report shows that if over half of the workforce was working remotely, the data breach took almost two months longer to detect and resolve, putting hopes of continuing remote working at risk.

Organizations with less than half of the workforce working remotely took 189 days to detect the breach and 69 days to resolve it. In contrast, companies with over 50% of the workforce outside the office took 235 days to identify the breach and 81 days to resolve it.

Take precaution

Data breaches have become almost commonplace in recent months. At the start of June, a 100GB TXT file that contains 8.4 billion entries of passwords was posted.

Because only about 4.7 billion people are online, numbers-wise, the RockYou2021 compilation potentially includes the passwords of the entire global online population almost two times over. 

For that reason, users are recommended to immediately check if their passwords were included in the leak.

If you suspect that one or more of your passwords may have been leaked, we recommend taking the following steps in order to secure your data and avoid potential harm from threat actors:

  • Use our personal data leak checker and leaked password checker to see if your data has been leaked in this or other breaches.
  • If your data has been compromised, make sure to change your passwords across your online accounts. You can easily generate complex passwords with our strong password generator or consider using a password manager.
  • Enable two-factor authentication (2FA) on all of your online accounts.
  • Watch out for incoming spam emails, unsolicited texts, and phishing messages. Don’t click on anything that seems suspicious, including emails and texts from senders you don’t recognize.
