Today’s ‘mega’ data breaches now cost companies $392 million to recover from


The average cost of a “mega” data breach has risen astronomically over the past year and enterprise players impacted by such a security incident can expect to pay up to $392 million.

Data breaches are a commonplace occurrence now and cyberattacks launched against companies have spawned a new cyberinsurance industry, the emergence of regulatory and class-action lawsuits against firms that fail to protect data, and new laws — such as the EU’s GDPR — that can be used to impose heavy penalties against data controllers with lax security. 

Yet, the data breaches keep rolling in, some of which lead to the theft of consumer records for sale on underground forums and an increased risk of identities being stolen. 

In order to tackle the aftermath of a data breach, organizations may need to spend funds on repairing systems and upgrading architectures, they may need to invest in new cybersecurity services and cyberforensics, and they may also face lawsuits or regulatory penalties — and the cost continues to increase year-on-year when customer PII is involved. 

On Wednesday, IBM released its annual Cost of a Data Breach Report which says that the average data breach now costs $3.86 million. While this average has decreased by 1.5% in comparison to 2019, when over 50 million consumer records are involved, these “mega” breaches can cost up to $392 million to remedy, up from $388 million in 2019.

See also: EasyJet faces £18 billion class-action lawsuit over data breach

If an organization is acting as a data controller for between 40 and 50 million records, the cost on average is $364 million, and organizations could face a cost of up to $175 per consumer record involved in data theft or leaks.

The study, conducted by the Ponemon Institute, includes interviews with over 3,200 security professionals working at companies that have experienced a data breach in the past year. 

Compromised employee and insider accounts, as highlighted by the recent Twitter hack, are one of the most expensive factors in data breaches today, bringing the average cost of a data breach up to $4.77 million. When insider accounts were involved, 80% of incidents resulted in the exposure of customer records. 

In total, stolen or compromised account credentials — alongside cloud misconfigurations — account for close to 40% of security incidents. 

IBM says that in one out of five breaches, compromised account credentials have been used as an entryway for attackers, leading to the exposure of over 8.5 billion records in 2019 alone. Cloud misconfigurations account for close to 20% of network breaches. 

CNET: Apple’s new security program gives special iPhone hardware, with restrictions attached

The exploit of third-party vulnerabilities, such as zero-days or unpatched security flaws in enterprise software, are also a costly factor in data breaches. An enterprise company that suffers a data breach due to such vulnerabilities can expect to pay up to $4.5 million. 

State-sponsored attacks, including those conducted by advanced persistent threat (APT) groups, are far less common and only represent 13% of overall data breaches reported by enterprise companies. However, when these threat actors are involved, the damage they cause often results in higher recovery costs, represented by an average of $4.43 million. 

If cyberinsurance has been taken out by organizations, this can reduce the damage bill on average by $200,000, with the majority of insurance payouts used for legal services and consultancy fees. 

TechRepublic: The challenges and opportunities of shadow IT

Within the report, IBM cites AI, machine learning, and automaton as valuable tools for responding to data breaches that may cut down incident response times by up to 27%.

“At a time when businesses are expanding their digital footprint at an accelerated pace and security industry’s talent shortage persists, teams are overwhelmed securing more devices, systems and data,” commented Wendi Whitmore, VP of IBM X-Force Threat Intelligence. “When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies.”

Previous and related coverage


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0




Source link

Recent articles

Genshin Impact PS4 Release Date to Land This Fall

The team at miHoYo is currently working on a gorgeous open-world action-RPG, Genshin Impact. PlayStation 4 players worldwide will be able to venture into...

Triumph preps to sell G650 and composites work as refocus continues | News

Aerospace supplier Triumph Group this week progressed with a plan to divest its aerostructures divisions, saying it has signed deals to sell business-jet...

Brent Scowcroft, a Force on Foreign Policy for 40 Years, Dies at 95

Long after his retirement, Mr. Scowcroft remained a pillar of the Republican national security establishment. In the run-up to the 2016 presidential election,...

Marvel’s Avengers Beta – New Gameplay Today Live

After years of anticipation, Marvel's Avengers is almost here. But before we get to the full release of Crystal Dynamics' take on Earth's...

What’s Coming to Netflix in August 2020

Welcome to the most comprehensive look at what’s coming to Netflix in the United States throughout the month of August 2020. While the...

COVID-19’s next threat to your 401(k)

It is insane that our tax-deferred retirement plans depend on our employers, and we’ve got...

Leave a reply

Please enter your comment!
Please enter your name here