Cost of data breaches continues to go in wrong direction: IBM

The average cost of a data breach continues to grow, according to IBM’s annual survey of 16 countries and regions during a recent 12-month period.

The study, released today, shows that the average breach cost the 553 organizations studied US$4.45 million in the 12 months ending Mar. 30, a 2.3 per cent increase from the same period in 2022.

The average cost has increased 15.3 per cent since the 2020 report. Those are incident recovery costs, and don’t include any ransomware or extortion payments organizations may have made.

In a separate report that breaks down results for Canada, the cost of data breaches at 28 organizations studied was down slightly from the previous year (C$6.9 million vs. C$7 million). That put Canada as the geography with the third-highest breach costs among the organizations studied. First was the U.S., followed by a grouping of Middle East countries.

In U.S. dollars, the average cost of a breach among Canadian firms studied in this edition was $5.13 million, higher than in Germany, Japan, the U.K., France and Italy. By comparison, the average cost of a breach in Australia was $2.7 million.

Asked why the cost in Canada was so much higher than in Australia, Chris Sicard, a partner in IBM Canada’s security consulting and delivery practice, speculated that many of the Canadian organizations included in this year’s study were in regulated industries, where recovery costs are higher.

And while the cost in this country has gone up and down since it was included in the global study nine years ago, the overall trend during those years is up.

“Overall we’re seeing the trend continue to go in the wrong direction,” Sicard said in an interview.

There are very telling nuggets of information in the study. For example, only one-third of the 553 companies discovered their data breach through their own security teams. Or, put another way, 67 per cent of breaches were either reported by a third party, like a police force, or came to light only when the attackers announced a successful breach.

In other words, firms were more likely to learn they had been successfully breached from an outside source than from their own IT staff.

“It is telling,” commented Sicard. “It means we still don’t have the right level of monitoring and insights in terms of what is going on within the network … You can’t protect what you don’t see.”

Here’s another statistic: On average, the cost of a data breach among organizations whose application development teams had high DevSecOps adoption was US$1.68 million less than among those that paid little or no attention to this process.

The next three corporate strategies that lowered the average cost of a data breach were employee awareness training, having and testing an incident response plan, and benefiting from artificial intelligence or machine learning insights.

And another number: The mean time among the 553 organizations studied to both identify (204 days) and to contain data breaches (73 days) saw only marginal changes from last year’s study.

The most effective things that lower the cost of a data breach are still the basics, Sicard said: Employee awareness training, using threat intelligence, having a strong identity and access management process, setting up a zero-trust IT architecture, having a strong incident response plan, and running table-top cyber attack exercises. It also includes using artificial intelligence/machine learning solutions to relieve the workload on infosec pros, he added.

Research for the study was conducted by the Ponemon Institute. It included over 3,475 interviews with individuals at 553 organizations that suffered a data breach between March 2022 and March 2023. Interviewees included IT, compliance and information security practitioners familiar with their organization’s data breach and the costs associated with resolving the breach. For privacy purposes, organization-specific information wasn’t collected.

The global report is available here. Registration is required.

The post Cost of data breaches continues to go in wrong direction: IBM first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.
