August 4, 2016 | By Diana Kelley

Many cybersecurity eyes have been on Brazil in the run-up to this summer’s events. Every system has been under scrutiny, from ticket fraud prevention to the clocks used to time athletes. But cybercrime in this region isn’t a new concern; attackers had set their sights on the country long before summer sports fever hit.

Last year, IBM X-Force Executive Security Advisor Limor Kessem detailed how Brazil loses over $8 billion a year to cybercrime. This year’s “2016 Cost of Data Breach Study: Brazil” report from the Ponemon Institute placed Brazil at the top of its list of places most likely to suffer a material data breach involving 10,000 records or more.

Costs Continue to Rise

The cost of data breach report assessed post-breach costs incurred by 33 Brazilian companies in 12 different industry sectors. The research revealed that the average per capita cost of a data breach (per capita cost and cost per compromised record have equivalent meaning in this report) increased significantly, from R$175 (Brazilian Real) to R$225.


Image Source: “2016 Cost of Data Breach Study: Brazil,” Ponemon Institute, June 2016

The total organizational cost of a data breach increased from R$3.96 million to R$4.31 million, according to the report.


Image Source: “2016 Cost of Data Breach Study: Brazil,” Ponemon Institute, June 2016

Some sectors saw a steeper rise in costs than others. Specifically, services, energy and financial services had a per capita data breach cost substantially above the overall mean of R$225, with services topping out at R$398. Meanwhile, public sector, transportation and consumer companies had a per capita cost well below the overall mean value.


Image Source: “2016 Cost of Data Breach Study: Brazil,” Ponemon Institute, June 2016

In the global year-over-year comparison, Brazil has a comparatively low total per capita cost of data breach, but there was a significant increase from 2015 to 2016.


Image Source: “2016 Cost of Data Breach Study: Global Analysis,” Ponemon Institute, June 2016

In general, the more records lost, the higher the overall cost of the data breach. Brazilian companies that suffered breaches of fewer than 10,000 records incurred an average cost of R$1.88 million. In larger breaches of 50,000 records or more, the cost skyrocketed to R$6.95 million.

One additional data point to note: The total cost of a breach goes up if customer churn is a factor. This includes losing a customer due to bad publicity and loss of customer confidence post-breach. When customer churn goes over 4 percent, the added cost of breach management can reach R$5.42 million. That number goes down to R$3.81 million when churn is under 1 percent.

Churn rates vary by industry. Services, financial and energy had relatively high churn rates, while the public sector had a low churn rate.

Digging Into the Roots of Cybercrime in Brazil

The report broke down the root causes of data breaches into three main categories: malicious or criminal attack, system glitch and human error. Although a system glitch could have been ultimately connected to a human error, the report looked at whether an individual was directly connected to the breach.

For example, a web application with a SQLi vulnerability would be categorized as a system glitch, while a user leaving a USB drive with sensitive data at a restaurant would be considered human error.

The graphic below represents a summary of the main root causes for the 33 Brazilian organizations in the report. Malicious attacks top the list with 40 percent, while the remaining 60 percent is split evenly between human error and system glitches.


Image Source: “2016 Cost of Data Breach Study: Brazil,” Ponemon Institute, June 2016

Malicious incidents are not only more common, but they’re also more costly. The per capita cost of data loss caused by a malicious incident was R$256. System glitches had an average per capita cost of R$211 and human error was R$200.


Image Source: “2016 Cost of Data Breach Study: Brazil,” Ponemon Institute, June 2016

Reducing the Cost of a Data Breach

The good news is that despite the rising costs of breaches, there are steps Brazilian organizations can take to decrease those costs.

As shown in the graphic below, having an incident response plan, using encryption, involving the business continuity management (BCM) team, and implementing employee training and threat sharing can significantly decrease the per capita cost of a data breach. Availability of an incident response team, for example, reduced the average cost of a data breach from R$225 to R$192.4 (decreased cost = R$32.6).

Conversely, some factors contributed to the increased cost of a breach. These include extensive cloud migration, third-party involvement and lost or stolen devices. A data breach caused by extensive migration to the cloud increased the average cost to as much as R$258.4 (increased cost = R$33.4).


Image Source: “2016 Cost of Data Breach Study: Brazil,” Ponemon Institute, June 2016
