IBM: Mega Data Breach Costs Jump by Millions

The costliest type of threat actor examined in the report? Nation-states.

Edward Gately, Senior News Editor

July 29, 2020

3 Min Read
Data breach
Shutterstock

Mega data breach costs have soared by the millions in the past year while security automation technologies help reduce those costs by one half.

That’s according to the 2020 Cost of a Data Breach Report sponsored by IBM and conducted by the Ponemon Institute. The results are from interviews with 3,200 security professionals in organizations suffering a data breach in the past year.

A mega data breach exposing 40-50 million records now costs companies an average of $364 million. That’s up $19 million from a year ago.

And breaches in which over 50 million records were compromised cost companies $392 million. That’s up from $388 million in the previous report.

Wendi Whitmore is vice president of IBM X-Force Threat Intelligence.

Whitmore-Wendi_IBM.jpg

IBM’s Wendi Whitmore

“It’s likely that organizations will experience higher breach costs in the future due to the global shift to remote work and the subsequent longer breach lifecycles that are forecasted in the report,” she said. “But in general, I think organizations are becoming more cyber aware. Regulations are also pushing companies to improve their data governance and security controls, enabling businesses to have better control of their data.”

Automation Reduces Data Breach Impact

Companies that fully deployed security automation technologies experienced less than half the data breach costs compared to those who haven’t. Security automation technologies leverage artificial intelligence, analytics and automated orchestration to identify and respond to security threats.

“When you’re able to identify a potential incident fast, containing it becomes an easier process,” Whitmore said. “Similarly, we’re seeing incident response teams and playbooks can equip businesses with the readiness needed to effectively thwart off an attack. Additionally, testing those incident response plans allows organizations to experience the heat of a breach and practice their response, without the risk associated to an actual incident occurring.”

In incidents where attackers accessed corporate networks using stolen or compromised credentials, businesses saw nearly $1 million higher data breach costs compared to the global average. That has reached nearly $4.8 million per data breach. Exploiting third-party vulnerabilities was the second costliest root cause of malicious breaches, at $4.5 million.

The costliest type of threat actor examined in the report? Nation-states. State-sponsored attacks averaged $4.43 million in data breach costs, surpassing both financially motivated cybercriminals and hacktivists.

Stolen or compromised credentials and cloud misconfigurations were the most common causes of malicious breaches for companies in the report. Those represented nearly 40% of malicious incidents.

MSSPs and Automation

MSSPs can take advantage of automation to connect their tools in a more streamlined way in order to speed response efforts and help clients reduce costs associated with investigation and recovery from an incident,” Whitmore said.

A simple step to fend off attacks is implementing multifactor authentication (MFA), she said.

“This is becoming more and more essential as employees are operating in hybrid environments,” Whitmore said. “This extra layer of defense allows users to maintain control of their accounts by requiring that second and separate form of authentication/verification. Also, it’s important that businesses adopt SaaS security models as cloud-enabled security services improves security teams’ visibility. This allows them to see previous blind spots across the environment and more effectively detect suspicious activity.”

Read more about:

MSPsChannel Research

About the Author

Edward Gately

Senior News Editor, Channel Futures

As senior news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like