Has cybersecurity ever been more important than it is right now? Even in these extraordinary times, with their focus on manufacturing vaccines and getting shots into arms, new research in the Cost of a Data Breach Report shows that the rising cost of security breaches makes preventing and responding to these threats a critical concern.

Now in its 17th year, the annual Cost of a Data Breach Report — conducted by the Ponemon Institute and sponsored, analyzed, reported and published by IBM Security — continues to be relevant in helping organizations understand and respond to security risks. This year’s report looked at dozens of factors that influence data breach costs, including the impact of millions of workers logging on from home to access data and applications.

As we saw in last year’s report, survey participants predicted that the rapid onset of remote work and other factors due to the pandemic would increase the costs associated with data breaches and the amount of time to contain them. Those predictions turned out to be accurate, as data breach costs reached a record high.

How much does a data breach cost in 2021?

In the 2021 study, the average total cost of a data breach increased by nearly 10% to $4.24 million, the highest ever recorded. Moreover, costs were even higher when remote working was presumed to be a factor in causing the breach, increasing to $4.96 million.

Remote working due to the pandemic also impacted the speed of response, increasing the time to identify and contain data breaches. At organizations with a greater than 50% remote work adoption, it took an average of 316 days to identify and contain the breach. Compared to the overall average of 287 days, increased levels of remote work appeared to make containing a breach take nearly a month longer.

The research for this report showed that faster incident response times were associated with substantially lower costs, with a cost savings of nearly 30% if a breach was contained in less than 200 days.


Top findings: Security AI, zero trust and cloud

Despite increasing costs and breach timelines, this year’s report reveals encouraging developments in the successes of artificial intelligence (AI), security automation and zero trust at mitigating the worst financial impacts. Not only does it appear that AI, automation and zero trust technologies are helping limit the damages, more companies are also entering a mature stage in their deployment.

Among the top findings in this year’s report, we saw:

  • Levels of automation increased. The share of organizations with fully or partially deployed security AI and automation rose to 65% in the 2021 study, compared to 59% in 2020.
  • Security AI and automation when fully deployed provided the biggest cost mitigation. Organizations with fully deployed security AI and automation saw breach costs that were $3.81 million less than organizations without it. With no security automation, breach costs averaged $6.71 million, vs. $2.90 million on average at organizations with fully deployed security automation, a difference of 79.3%.
  • A zero trust approach helped reduce the average cost of a data breach. Just 35% of organizations used a zero trust approach, which aims to wrap security around every user, device and connection. While the average cost of a breach was $5.04 million for those without a zero trust approach, for those in the mature stage of deployment the average cost of a breach was $3.28 million, a 42% cost difference.

The report also looked into the impacts of data breaches in the cloud, and the influence of cloud migration on breach costs.

  • The hybrid cloud model had the lowest average total cost. Hybrid cloud breaches had a lower average cost than breaches in public, private and on-premises cloud models. Hybrid cloud breaches cost an average of $1.19 million less than public cloud breaches, a difference in cost of 28.3%.
  • Cloud modernization appeared to help decrease breach response times. While companies that experienced a breach during a major cloud migration had higher costs, those who were further along in their overall cloud modernization strategy were able to detect and respond to incidents more effectively. Mature organizations successfully contained the breach 77 days faster than those who were in the early stage of their deployments (252 vs. 329 days).

Quantifying security risk

CISOs, risk managers and security teams can use benchmark research like the Cost of a Data Breach Report to infer general trends and cost averages in their industry or geography, or use risk quantification to understand risks for their specific organization.

As part of a comprehensive strategy for risk management, security risk quantification estimates the probability of particular loss events and the financial impact each would have on the business. One prime example of how cyber risk affects business value is in mergers and acquisitions, where an undisclosed data breach at the acquired company could contribute to the company losing value. Other risks include threats to stock valuation, lost business, business disruption and regulatory and legal costs.

The Cost of a Data Breach Report highlights how the Factor Analysis of Information Risk (FAIR), an open international standard for cyber risk modeling, combined with threat intelligence, can help organizations assess the potential impacts of cyber risks through financial projections and probabilities. The report offers a hypothetical example of how an organization in the financial services industry might use FAIR to project probability and ranges for monetary damages from a breach of sensitive information.
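The FAIR approach described above boils down to two top-level factors, how often a loss event occurs (loss event frequency) and how much each occurrence costs (loss magnitude), each given as a calibrated range rather than a point estimate, and then combined by simulation into a distribution of annual loss. The Python script below is an added example written for this post, not code from the report, IBM Security or the FAIR Institute; every scenario name and dollar or frequency figure in it is a constructed placeholder, and the triangular distribution and Knuth-style Poisson sampler are modelling choices of this example, not prescribed by FAIR. It runs stand-alone and can be used to compare a baseline scenario against one where a control is assumed to lower the event rate.

```python
"""FAIR-style cyber risk quantification by Monte Carlo simulation.

Added example, not from the Cost of a Data Breach Report. All parameter
values are constructed placeholders for illustration only.
"""
import math
import random
import statistics
from dataclasses import dataclass


@dataclass(frozen=True)
class Range3:
    """Three-point estimate (minimum, most likely, maximum), the shape of a
    calibrated FAIR estimate. Sampled here with a triangular distribution."""
    low: float
    mode: float
    high: float

    def sample(self, rng: random.Random) -> float:
        # Note the argument order of random.triangular: (low, high, mode).
        return rng.triangular(self.low, self.high, self.mode)


@dataclass(frozen=True)
class FairScenario:
    """A loss scenario described by the two top-level FAIR factors."""
    name: str
    loss_event_frequency: Range3   # loss events per year
    loss_magnitude: Range3         # dollars of loss per event


def poisson(rng: random.Random, lam: float) -> int:
    """Number of events in one year at rate lam (Knuth's method; adequate
    for the small annual rates typical of breach scenarios)."""
    threshold = math.exp(-lam)
    k, p = 0, 1.0
    while True:
        p *= rng.random()
        if p <= threshold:
            return k
        k += 1


def simulate_annual_loss(scenario: FairScenario, trials: int = 10_000,
                         seed: int = 0) -> list:
    """One simulated year per trial: draw a rate, draw how many events
    happen at that rate, then draw and sum a magnitude for each event."""
    rng = random.Random(seed)
    losses = []
    for _ in range(trials):
        rate = scenario.loss_event_frequency.sample(rng)
        events = poisson(rng, rate)
        losses.append(sum(scenario.loss_magnitude.sample(rng)
                          for _ in range(events)))
    return losses


def percentile(values: list, q: float) -> float:
    """Nearest-rank percentile of a list of sampled losses."""
    ordered = sorted(values)
    idx = min(len(ordered) - 1, int(round(q * (len(ordered) - 1))))
    return ordered[idx]


def summarize(losses: list) -> dict:
    """Statistics a risk manager would report: expected annual loss,
    loss at several confidence levels and the chance of any loss at all."""
    return {
        "mean": statistics.fmean(losses),
        "p50": percentile(losses, 0.50),
        "p90": percentile(losses, 0.90),
        "p95": percentile(losses, 0.95),
        "max": max(losses),
        "prob_any_loss": sum(1 for x in losses if x > 0) / len(losses),
    }


def compare(baseline: FairScenario, alternative: FairScenario,
            trials: int = 10_000, seed: int = 0) -> dict:
    """Reduction in expected annual loss if the alternative scenario
    (e.g. the same asset after a control is added) replaces the baseline."""
    a = summarize(simulate_annual_loss(baseline, trials, seed))
    b = summarize(simulate_annual_loss(alternative, trials, seed))
    return {"baseline_mean": a["mean"], "alternative_mean": b["mean"],
            "mean_reduction": a["mean"] - b["mean"]}


# Constructed placeholder scenarios (hypothetical values, not report data).
PII_BREACH = FairScenario(
    "customer PII database breach (hypothetical)",
    loss_event_frequency=Range3(0.05, 0.20, 0.50),
    loss_magnitude=Range3(1_000_000, 4_000_000, 12_000_000),
)
PII_BREACH_WITH_CONTROL = FairScenario(
    "same asset, assumed lower event rate after added control (hypothetical)",
    loss_event_frequency=Range3(0.02, 0.10, 0.30),
    loss_magnitude=PII_BREACH.loss_magnitude,
)

if __name__ == "__main__":
    for key, value in summarize(simulate_annual_loss(PII_BREACH)).items():
        print(f"{key:>14}: {value:,.2f}")
    print(compare(PII_BREACH, PII_BREACH_WITH_CONTROL))
```

The distribution, not just the mean, is what makes the output useful: the median annual loss of a rare event is usually zero, so presenting only an average hides both the probability of a loss year and the size of the tail, which is why the p90 and p95 figures are reported alongside it.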

More to explore

Inside the report, you’ll also find IBM Security recommendations for security measures that can reduce the potential financial and brand damages from a data breach, based on what the research found were most effective for organizations in the study. These recommendations include leveraging security orchestration, automation and response technologies and services; creating and practicing an incident response plan; identity and access management for remote employees; and employing a zero trust security model to help prevent unauthorized access to sensitive data.

Other topics covered in the report include:

  • Global findings and highlights – average costs in 17 countries and 17 industries, including the top country (the United States: $9.05 million) and top industry (healthcare: $9.23 million)
  • Frequency and cost of various initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).
  • The cost of mega breaches of more than 1 million records, which reached over $400 million for the largest breaches of 50 million to 65 million records.
  • The cost of different types of records, including customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.

Download the full report for the complete findings.
