Data Breach Costs Hit Record High During Pandemic, Finds IBM Research
Data-breach costs jumped nearly 10% from an average of $3.86 million to $4.24 million per incident over the past year, according to IBM’s latest Cost of a Data Breach Report 2021. It marks the highest average total cost in this report’s 17-year history and the largest single-year increase in the last seven years.
The report from IBM Security and Ponemon Institute is based on analysis of 537 real-world data breaches in 17 different industries across 17 countries and regions that occurred between May 2020 and March 2021.
Despite the overall cost growth, organizations with more mature security postures that deployed tools including artificial intelligence (AI), automation, zero trust, and cloud security saw significantly lower costs.
Remote work has been highlighted as a contributing factor to the high cost of breaches this year, with global breaches costing an average of $1 million more when remote work is a factor. Despite businesses adapting to hybrid work and shifting to cloud-based activities, the report reveals that security has been slow to catch up to the changes in technology, limiting business’s ability to respond quickly.
Nearly 20% of respondents named remote work as a factor in the data breach, and companies that experienced a breach while undertaking a cloud migration process saw over 18% higher than average cost.
According to Chris McCurdy, Vice President and General Manager, IBM Security, “Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic.”
The most common type of data compromised in a breach is personal data, with 44% of breaches analysed exposing customer information including name, email, password and healthcare data. Individuals should also consider their contribution to this risk — 82% of individuals in the survey declared that they reuse passwords across accounts, which IBM claims can create a “compounding risk for businesses”.
“While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation, and the adoption of a zero trust approach — which may pay off in reducing the cost of these incidents further down the line,” says McCurdy.
IBM’s report indicates that around 35% of the surveyed organizations had implemented a zero-trust security approach, and 48% of those were in the mature stage. The average data breach cost for companies with a mature zero-trust strategy was $3.28 million, which was $1.76 million less than the ones without zero trust.
Despite some IT changes increasing the costs of a data breach, the results found that organisations that did not implement a digital transformation agenda during the pandemic incurred higher data breach costs overall (nearly 17% higher than average).
The most significant cost savings were seen across organisations that were deploying security automation. According to IBM, “Around 65% of companies surveyed reported they were partially or fully deploying automation within their security environments, compared to 52% two years ago.”
Those organisations with a “fully deployed” security automation strategy had an average breach cost of $2.90 million — whereas those with no automation experienced more than double that cost at $6.71 million.
As far as India is concerned Rs. 165 million was the average total cost of data breach in the 2021 study, an increase of 17.85% from 2020 and the cost per lost or stolen record is pegged at Rs 5,900, an increase of 6.85% from last year with 27,966 average record breached between May 2020 and March 2021.
The key industries that topped the chart include financial, education and public sector that were mostly targets of phishing attacks, followed by malicious insiders and physical security compromise.
The average mean time to identify a data breach increased from 230 to 239 days and the average mean time to contain a data breach decreased from 83 to 81 days, as per IBM research where researchers further witnessed organizations with less than 50% remote work adoption took 208 days as the average mean time to identify a data breach and 72 days as the average mean time to contain a data breach However, organizations with over 50% remote work adoption took 271 days as the average mean time to identify a data breach and 83 days as the average mean time to contain a data breach
Organizations in India who are in the mature stages of adopting zero trust deployment witnessed ₹131.80 million as the total cost of data breach as compared to organizations who are early stage of adoption and witnessed ₹198.75 millions as the total cost of data breach.
Prashant Bhatkal, Security Software Sales Leader, IBM Technology Sales, India/South Asia, says, “The rapid shift to remote work witnessed a tremendous disruption of security programs. Organizations were focused on getting online and security became an afterthought. India witnessed a record high in Data Breach during the Pandemic leading to many organizations evaluating their security posture.”
According to him, “It’s important to learn from these findings every year and adopt an open approach required to address the fragmentation and complexity challenges facing security teams today coupled with embracing a zero trust strategy.”
The study makes it obvious that with modernization including the adoption of AI, security analytics, and applying a zero trust approach, companies can significantly decrease costs associated with data breaches. What’s important is to learn and apply measures that saved organizations the most money when a breach occurred –including applying zero trust, automation, hybrid cloud, and encryption.
