Has cybersecurity ever been more important than it is right now? Even in these extraordinary times, with its focus on manufacturing vaccines and getting shots into arms, new research in the Cost of a Data Breach Report shows that the increasing cost of security breaches makes preventing and responding to these threats a critical concern.

Now in its 17th year, the annual Cost of a Data Breach Report — conducted by the Ponemon Institute and sponsored, analyzed, reported and published by IBM Security — continues to be relevant in helping organizations understand and respond to security risks. This year’s report looked at dozens of factors that influence data breach costs, including the impact of millions of workers logging on from home to access data and applications.

As we saw in last year’s report, survey participants predicted that the rapid onset of remote work and other factors due to the pandemic would increase the costs associated with data breaches and the amount of time to contain them. Those predictions turned out to be accurate, as data breach costs reached a record high.

How much does a data breach cost in 2021?

In the 2021 study, the average total cost of a data breach increased by nearly 10% to $4.24 million, the highest ever recorded. Moreover, costs were even higher when remote working was presumed to be a factor in causing the breach, increasing to $4.96 million.

Remote working due to the pandemic also impacted the speed of response, increasing the time to identify and contain data breaches. At organizations with a greater than 50% remote work adoption, it took an average of 316 days to identify and contain the breach. Compared to the overall average of 287 days, increased levels of remote work appeared to make containing a breach take nearly a month longer.

The research for this report showed that faster incident response times were associated with substantially lower costs, with a cost savings of nearly 30% if a breach was contained in less than 200 days.

Download the Report

Top findings: Security AI, zero trust and cloud

Despite increasing costs and breach timelines, this year’s report reveals encouraging developments in the successes of artificial intelligence (AI), security automation and zero trust at mitigating the worst financial impacts. Not only does it appear that AI, automation and zero trust technologies are helping limit the damages, more companies are also entering a mature stage in their deployment.

Among the top findings in this year’s report, we saw:

  • Levels of automation increased. The share of organizations with fully or partially deployed security AI and automation rose to 65% in the 2021 study, compared to 59% in 2020.
  • Security AI and automation when fully deployed provided the biggest cost mitigation. Organizations with fully deployed security AI and automation saw breach costs that were $3.81 million less than organizations without it. With no security automation, breach costs averaged $6.71 million, vs. $2.90 million on average at organizations with fully deployed security automation, a difference of 79.3%.
  • A zero trust approach helped reduce the average cost of a data breach. Just 35% of organizations used a zero trust approach, which aims to wrap security around every user, device and connection. While the average cost of a breach was $5.04 million for those without a zero trust approach, in mature stage of deployment, the average cost of a breach was $3.28 million, a 42% cost difference.

The report also looked into the impacts of data breaches in the cloud, and the influence of cloud migration on breach costs.

  • The hybrid cloud model had the lowest average total cost. Hybrid cloud breaches had a lower average cost compared to public, private and on-premise cloud models. Hybrid cloud breaches cost an average of $1.19 million less than public cloud breaches, or a difference in cost of 28.3%.
  • Cloud modernization appeared to help decrease breach response times. While companies that experienced a breach during a major cloud migration had higher costs, those who were further along in their overall cloud modernization strategy were able to detect and respond to incidents more effectively. Mature organizations successfully contained the breach 77 days faster than those who were in the early stage of their deployments (252 vs. 329 days).

Quantifying security risk

CISOs, risk managers and security teams can use benchmark research like the Cost of a Data Breach Report to infer general trends and cost averages in their industry or geography, or use risk quantification to understand risks for their specific organization.

As part of a comprehensive strategy for risk management, security risk quantification calculates the probability of certain events and calculates the estimated financial impact to the business. One prime example of how cyber risk affects business value is in mergers and acquisitions, where an undisclosed data breach at the acquired company could contribute to the company losing value. Other risks include threats to stock valuation, lost business, business disruption and regulatory and legal costs.

The Cost of a Data Breach Report highlights how the Factor Analysis of Information Risk (FAIR), an open international standard for cyber risk modeling, combined with threat intelligence, can help organizations assess the potential impacts of cyber risks through financial projections and probabilities. The report offers a hypothetical example of how an organization in the financial services industry might use FAIR to project probability and ranges for monetary damages from a breach of sensitive information.

More to explore

Inside the report, you’ll also find IBM Security recommendations for security measures that can reduce the potential financial and brand damages from a data breach, based on what the research found were most effective for organizations in the study. These recommendations include leveraging security orchestration, automation and response technologies and services; creating and practicing an incident response plan; identify and access management for remote employees; and employing a zero trust security model to help prevent unauthorized access to sensitive data.

Other topics covered in the report include:

  • Global findings and highlights – average costs in 17 countries and 17 industries, including the top country (the United States: $9.05 million) and top industry (healthcare: $9.23 million)
  • Frequency and cost of various initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).
  • The cost of mega breaches of more than 1 million records, which reached over $400 million for the largest breaches of 50 million to 65 million records.
  • The cost of different types of records, including customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.

Download the full report for the complete findings.

More from X-Force

“Authorized” to break in: Adversaries use valid credentials to compromise cloud environments

4 min read - Overprivileged plaintext credentials left on display in 33% of X-Force adversary simulations Adversaries are constantly seeking to improve their productivity margins, but new data from IBM X-Force suggests they aren’t exclusively leaning on sophistication to do so. Simple yet reliable tactics that offer ease of use and often direct access to privileged environments are still heavily relied upon. Today X-Force released the 2023 Cloud Threat Landscape Report, detailing common trends and top threats observed against cloud environments over the past…

Email campaigns leverage updated DBatLoader to deliver RATs, stealers

11 min read - IBM X-Force has identified new capabilities in DBatLoader malware samples delivered in recent email campaigns, signaling a heightened risk of infection from commodity malware families associated with DBatLoader activity. X-Force has observed nearly two dozen email campaigns since late June leveraging the updated DBatLoader loader to deliver payloads such as Remcos, Warzone, Formbook, and AgentTesla. DBatLoader malware has been used since 2020 by cybercriminals to install commodity malware remote access Trojans (RATs) and infostealers, primarily via malicious spam (malspam). DBatLoader…

New Hive0117 phishing campaign imitates conscription summons to deliver DarkWatchman malware

8 min read - IBM X-Force uncovered a new phishing campaign likely conducted by Hive0117 delivering the fileless malware DarkWatchman, directed at individuals associated with major energy, finance, transport, and software security industries based in Russia, Kazakhstan, Latvia, and Estonia. DarkWatchman malware is capable of keylogging, collecting system information, and deploying secondary payloads. Imitating official correspondence from the Russian government in phishing emails aligns with previous Hive0117 campaigns delivering DarkWatchman malware, and shows a possible significant effort to induce a sense of urgency as…

X-Force releases detection & response framework for managed file transfer software

5 min read - How AI can help defenders scale detection guidance for enterprise software tools If we look back at mass exploitation events that shook the security industry like Log4j, Atlassian, and Microsoft Exchange when these solutions were actively being exploited by attackers, the exploits may have been associated with a different CVE, but the detection and response guidance being released by the various security vendors had many similarities (e.g., Log4shell vs. Log4j2 vs. MOVEit vs. Spring4Shell vs. Microsoft Exchange vs. ProxyShell vs.…