IBM recently released the 2021 Cost of a Data Breach Report, its annual deep dive into data breach costs, as reported by 500+ companies worldwide.
The report delivers a goldmine of data, but the numbers are so big that you could be tempted to ignore them. At $4 million-and-change, the global average data breach cost doesn’t translate well if your entire annual revenue is a fraction of that number. But the report offers a lot more than worldwide averages skewed by enterprise-level breaches. To help you find real-world ways to reduce data breach costs, we combed the data for underlying causes that point to top takeaways for organizations of any size.
Read on for our top insights from the 17th version of Big Blue’s much-anticipated yearly benchmark.
Top Trends in Data Breach Costs
- Breaches got 10% more expensive this year – That’s the largest cost jump in the last seven years of IBM studies. But that doesn’t mean everyone suffers equally when hackers strike. As described below in the list of best practices, several widely recommended cybersecurity tools make an enormous difference. For example, organizations using advanced security such as artificial intelligence and zero-trust policies saw dramatically lower costs.
- Ransomware attacks will cost you the most (even without the ransom) – It’s not just frequency that makes ransomware so concerning. When these attacks happen, their tab runs 9% more than other data breaches, without even counting the cost of a ransom. In fact, an actual ransom payment (which we don’t recommend making) is usually one of the cheaper line items in the cost of an attack. Make sure your ransomware defense plan is up to par.
- Lost business devastates your bottom line – In the breakdown of a breach’s total cost, 38% comes from factors such as losing customers, enduring system downtime and acquiring new customers to replace those who lost faith in you. That’s more than the straightforward cost of detection and escalation (29% of the total). And the impact of lost business will haunt you for months, and possibly even years, to come. So when you’re considering the ROI of a cybersecurity investment, the analysis should include far more than the simple cost of restoring data.
- Customer information is the costliest loss – Many companies think mostly in terms of losing their intellectual property, which is undoubtedly damaging. But, on average, it costs you more when hackers get access to PII (personally identifiable information), with a price of $180 per record. Depending on your organization’s size and industry, breached PII could require you to make costly public notifications to everyone involved.
Notable Risk Factors
- Remote workers increase exposure – You’ve been hearing since the pandemic began that a remote workforce greatly expands your attack surface and puts your data onto innumerable non-company devices. This year’s report has the data to back that up. Companies that had more than 50% of their employees working remotely took almost two months longer to identify and contain breaches. And breaches cost significantly more to fix when remote workers were involved.
- Smaller organizations still have big risks – Twenty-five percent of the companies in the study had fewer than 1,000 employees. The total cost of a breach for those organizations was $2.98 million, up from $2.35 million last year.
- Hackers lurk in your system a long time – It now takes an average of 212 days to identify a breach and another 75 to contain it. That cycle is a full week longer than in last year’s study. Translation: If you discover a breach in mid-October, it means, on average, that the hackers have been in your system since January 1.
How You Can Be More Secure
- Protect those credentials – Compromised credentials (your username/password falling into the hands of a malicious actor) accounted for 20% of all breaches. That points to training your team better on spotting phishing attempts, not sharing login credentials with others, etc.
- Use AI and security automation – Because hackers usually get months to explore your system before you spot them, there’s a clear need for next-gen detection and response tools such as managed XDR, which leverage AI and machine learning to spot and shut down suspicious activity far more quickly. IBM’s study found that organizations that had security AI and automation in place spent 80% less handling a breach. That makes AI/automation deployment the single most effective tool for cutting costs in this year’s survey.
- Incident response plans pay off—significantly – Organizations with a written incident response plan and a process for regularly testing it reduced the cost of a breach by an average of 55%. This blog explains how to get started on your IR plan.
- Zero-trust architecture works – Only 35% of the organizations in the study have deployed zero-trust in any form. But those with mature zero-trust implementations dropped their breach costs by 42%. Even an early-stage zero-trust rollout cut costs by 13%.
If you’re ready to explore how the solutions identified here can protect your data—and your bottom line—contact Pratum today for a free consultation.