Data breach costs have hit record highs during the coronavirus pandemic, according to a new report from IBM.
Amid an increase in remote working and a shift to the cloud, the average cost per incident stands at $4.24 million (£3.1m), marking the highest cost in the 17-year history of IBM’s Cost of a Data Breach Report.
The study, which analysed real-world data breaches experienced by over 500 organisations, shows that security incidents are growing in both cost and severity.
This is partly due to the rapid shift in working practices which many organisations were forced to adopt at the onset of the coronavirus pandemic, the report found.
While remote working enabled firms to continue operating, many have found themselves at increased risk of cyber-attacks and data breaches.
Compared to pre-pandemic statistics, data breaches cost $1 million more when remote work was a factor in the incident, reaching an average of $4.96m.
Data breach response has also been impacted over the last year, the IBM report found, with the average time to detect and contain a breach standing at 287 days – one week longer than recorded in the previous report.
Stolen user credentials were the most common root cause of breaches while customer personal data (such as name, email, password) was the most common type of information exposed.
According to IBM, the combination of these factors “could cause a spiral effect” where breaches provide attackers with leverage for future incidents.
The rapid shift to the cloud has also left some organisations vulnerable over the last year, not least during the migration process.
According to the report, companies which experienced a breach during a migration project were met with 18.8% higher costs on average. Those further along in the cloud journey fared significantly better, however.
The study found that firms at a “mature” stage of cloud modernisation were able to detect and respond to data breaches and incidents up to 77 days faster on average.
Notably, companies that had implemented a hybrid cloud approach experienced lower data breach costs ($3.61m) than those who pursued a public ($4.80m) or private cloud approach ($4.55m).
“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” said Chris McCurdy, Vice President and General Manager, IBM Security.
“While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero-trust approach – which may pay off in reducing the cost of these incidents further down the line,” McCurdy added.
- IGEL “Office in a Box” system helps 4,500 Scottish staff work from home
- Kaseya receives decryptor after ransomware attack
- Will businesses be facing lethal cyberattacks by 2025?
Indeed, companies which adopted zero trust security approach were “better positioned” to deal with data breaches, the report found.
“Organisations with a mature zero trust strategy had an average data breach cost of $3.28 million – which was $1.76 million lower than those who had not deployed this approach at all,” IBM said.
The automation of security has also helped organisations protect themselves and deliver cost savings. Nearly two-thirds (65%) of companies surveyed reported they were partially or fully deploying automation within security infrastructure, marking an increase from 52% two years prior.
Organisations with a “fully deployed” security automation strategy had an average breach cost of $2.90m while those with no automation experienced more than double that cost at $6.7m.