A global study on the financial impact of data breaches revealed this week that cyber incidents cost companies $3.86 million per breach on average, and that compromised employee accounts were the most expensive root cause.
Based on in-depth analysis of data breaches suffered by over 500 organizations worldwide, IBM researchers found that 80% of these incidents resulted in exposure of customers' personally identifiable information (PII). Out of all types of data exposed in data breaches, customer PII was also the costliest to businesses studied.
Conducted by the Ponemon Institute, the 2020 Cost of a Data Breach Report is based on in-depth interviews with more than 3,200 security professionals in organizations that suffered at least one data breach between August 2019 and April 2020.
In a key finding, stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach, representing around 40% of incidents. Malicious actors exposed a whopping 8.5 billion records in 2019.
State-sponsored threat actors were the most damaging type of adversary in the past 12 months.
“The highly tactical nature, longevity and stealth maneuvers of state-backed attacks, as well as the high value data targeted, often result in a more extensive compromise of victim environments, increasing breach costs to an average of $4.43 million,” according to the report.
The data also highlights a growing difference in breach costs between businesses implementing advanced security technologies and those lagging. Studied companies with fully deployed security automation (AI, analytics and automated orchestration to identify and respond to security events) saved $3.58 million compared to those that have yet to deploy these technologies. If in 2018 this cost gap was $1.55 million, this year it’s $2 million.
Other key findings include:
A separate IBM study found that over half of surveyed employees new to working from home have not been given adequate guidelines on how to handle customer PII, despite the changing risk models associated with this shift.
Filip is an experienced writer with over a decade of practice in the technology realm. He has covered a wide range of topics in such industries as gaming, software, hardware and cyber-security, and has worked in various B2B and B2C marketing roles. Filip currently serves as Information Security Analyst with Bitdefender.View all posts
June 02, 2023
Don’t miss out on exclusive content and exciting announcements!