Have you ever wondered what the cost of a data breach is e what are the factors that influence it? It is difficult, if not impossible, to accurately estimate the impact of a data breach, however a valid source of information that can help us answer the question is represented by the annual report Cost of Data Breach written by the Ponemon Institute and commissioned by IBM.
A few days ago it was 2020 report published, based on data on data breaches suffered by more than 500 organizations in the period between May 2020 and March 2021.
The report highlights the significant impact of the pandemic on the cost of data breaches and the effort of companies to mitigate these incidents. The massive use of the remote working in recent months it has actually increased the exposure of our companies to cyber attacks. As a result, the cost of data breaches has risen globally.
According to the study there was a an increase of more than $ 1 million in the average cost of each data breach suffered by companies that allowed employees to work remotely versus those that did not: $ 4.96 versus $ 3.89 million.
An interesting value that has been reported by this report for years is the average cost per record faced by a company in the event of a data breach. This value is estimated considering i multiple impacts of an attack, from the cost caused by the interruption of operations to the legal and technological costs suffered by the company to restore operations and compensate any impacted customers and third parties.
This year the average cost was estimated to be 161 dollars, a significant increase compared to 146 the previous year (+ 14.2% from 2017). How is this data used? Simple, assuming that a company has undergone one violation of an archive containing 1 million records, the estimated economic impact will be $ 161 per 1 million, or $ 161 million.
You will understand how much it is important for a company to invest in safety to avoid that in a few minutes it finds itself having to suffer huge economic losses like the one in this example.
Obviously the very nature of the content of the record inevitably influences the cost in case of violation: if an archive containing personal information of customers (Customer personal identifiable information, Pii) were to be compromised, a maximum loss would be observed compared to other types of data, with an estimate for each record of as much as 180 dollars.
The bad news is that nearly half of the breaches analyzed (44%) exposed personal customer data, such as name, email, password or even health information, which represent the most common type of record breached in the report: “IBM Security announced the results of a global study that found that data breaches cost interviewed companies $ 4.24 million on average per incident, the most expensive high in the 17-year history of the relationship. Based on an in-depth analysis of real-world data breaches suffered by more than 500 organizations, the study suggests that security incidents have become more expensive and more difficult to contain due to drastic operational changes during the pandemic, leading to costs in 10% increase over the previous year “, reads on Ibm Security.
The average cost of a data breach has passed $ 3.86 to $ 4.24 million in the past 12 months. The report also shows that organizations with a more mature security attitude faced significantly lower costs: “The costs of data breaches went from $ 3.86 million to $ 4.24 million, the average total cost highest in the history of this relationship. The costs were significantly lower for some of the organizations with a more mature security attitude and higher for organizations that were lagging behind in areas such as artificial intelligence and security automation, zero trust and cloud security, “it continues.
The countries that have suffered the greatest costs are the United States, the Middle East, Canada, Germany and Japan. The average cost for Italian companies was $ 3.61 million.
Most of the financial losses are caused by the loss of business, which accounted for 38% of the total (approximately $ 1.6 million). The health organizations they incurred the highest costs, averaging $ 9.23 million per infringement, followed by companies in the financial (5.72 million) and pharmaceuticals (5.04 million) sectors.
Another interesting fact that emerges from the report is related to the ability of companies to respond to an adverse event such as a data breach. The average number of days since a breach was identified by organizations and the related containment was 287, an increase of seven days compared to the previous year.
Ransomware and destructive attacks are among the most costly to victims compared to other types of breaches. The report states that ransomware attacks cost an average of $ 4.62 million, more expensive than the average data breach ($ 4.24 million): “The higher costs for data breaches are an additional expense for companies. in the wake of the rapid technological changes induced by the pandemic – Chris said McCurdy, vice president e general manager di Ibm Security – While data breach costs have hit a record high over the past year, the report also showed positive signs on the impact of modern security tactics, such as artificial intelligence, automation, and the adoption of a zero trust, which can pay off in reducing the costs of these incidents in the future. “
.