Has cybersecurity ever been more important than it is right now? Even in these extraordinary times, with their focus on manufacturing vaccines and getting shots into arms, new research in the Cost of a Data Breach Report shows that the increasing cost of security breaches makes preventing and responding to these threats a critical concern.

Now in its 17th year, the annual Cost of a Data Breach Report — conducted by the Ponemon Institute and sponsored, analyzed, reported and published by IBM Security — continues to be relevant in helping organizations understand and respond to security risks. This year’s report looked at dozens of factors that influence data breach costs, including the impact of millions of workers logging on from home to access data and applications.

As we saw in last year’s report, survey participants predicted that the rapid onset of remote work and other factors due to the pandemic would increase the costs associated with data breaches and the amount of time to contain them. Those predictions turned out to be accurate, as data breach costs reached a record high.

How Much Does a Data Breach Cost in 2021?

In the 2021 study, the average total cost of a data breach increased by nearly 10% to $4.24 million, the highest ever recorded. Moreover, costs were even higher when remote working was presumed to be a factor in causing the breach, increasing to $4.96 million.

Remote working due to the pandemic also impacted the speed of response, increasing the time to identify and contain data breaches. At organizations with a greater than 50% remote work adoption, it took an average of 316 days to identify and contain the breach. Compared to the overall average of 287 days, increased levels of remote work appeared to make containing a breach take nearly a month longer.

The research for this report showed that faster incident response times were associated with substantially lower costs, with a cost savings of nearly 30% if a breach was contained in less than 200 days.

Top Findings: Security AI, Zero Trust and Cloud

Despite increasing costs and breach timelines, this year’s report reveals encouraging developments in the successes of artificial intelligence (AI), security automation and zero trust at mitigating the worst financial impacts. Not only does it appear that AI, automation and zero trust technologies are helping limit the damages, more companies are also entering a mature stage in their deployment.

Among the top findings in this year’s report, we saw:

  • Levels of automation increased. The share of organizations with fully or partially deployed security AI and automation rose to 65% in the 2021 study, compared to 59% in 2020.
  • Security AI and automation when fully deployed provided the biggest cost mitigation. Organizations with fully deployed security AI and automation saw breach costs that were $3.81 million less than organizations without it. With no security automation, breach costs averaged $6.71 million, vs. $2.90 million on average at organizations with fully deployed security automation, a difference of 79.3%.
  • A zero trust approach helped reduce the average cost of a data breach. Just 35% of organizations used a zero trust approach, which aims to wrap security around every user, device and connection. While the average cost of a breach was $5.04 million for those without a zero trust approach, in the mature stage of deployment, the average cost of a breach was $3.28 million, a 42% cost difference.

The report also looked into the impacts of data breaches in the cloud, and the influence of cloud migration on breach costs.

  • The hybrid cloud model had the lowest average total cost. Hybrid cloud breaches had a lower average cost compared to public, private and on-premise cloud models. Hybrid cloud breaches cost an average of $1.19 million less than public cloud breaches, or a difference in cost of 28.3%.
  • Cloud modernization appeared to help decrease breach response times. While companies that experienced a breach during a major cloud migration had higher costs, those who were further along in their overall cloud modernization strategy were able to detect and respond to incidents more effectively. Mature organizations successfully contained the breach 77 days faster than those who were in the early stage of their deployments (252 vs. 329 days).

Quantifying Security Risk

CISOs, risk managers and security teams can use benchmark research like the Cost of a Data Breach Report to infer general trends and cost averages in their industry or geography, or use risk quantification to understand risks for their specific organization.

As part of a comprehensive strategy for risk management, security risk quantification calculates the probability of certain events and their estimated financial impact to the business. One prime example of how cyber risk affects business value is in mergers and acquisitions, where an undisclosed data breach at the acquired company could contribute to the company losing value. Other risks include threats to stock valuation, lost business, business disruption and regulatory and legal costs.

The Cost of a Data Breach Report highlights how the Factor Analysis of Information Risk (FAIR), an open international standard for cyber risk modeling, combined with threat intelligence, can help organizations assess the potential impacts of cyber risks through financial projections and probabilities. The report offers a hypothetical example of how an organization in the financial services industry might use FAIR to project probability and ranges for monetary damages from a breach of sensitive information.

More to Explore

Inside the report, you’ll also find IBM Security recommendations for security measures that can reduce the potential financial and brand damages from a data breach, based on what the research found were most effective for organizations in the study. These recommendations include leveraging security orchestration, automation and response technologies and services; creating and practicing an incident response plan; identity and access management for remote employees; and employing a zero trust security model to help prevent unauthorized access to sensitive data.

Other topics covered in the report include:

  • Global findings and highlights – average costs in 17 countries and 17 industries, including the top country (the United States: $9.05 million) and top industry (healthcare: $9.23 million).
  • Frequency and cost of various initial attack vectors, including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).
  • The cost of mega breaches of more than 1 million records, which reached over $400 million for the largest breaches of 50 million to 65 million records.
  • The cost of different types of records, including customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.

Download the full report for the complete findings.
