Study: On Average, Data Breaches Cost $3.86M Each
One out of five data breaches was due to an attacker using previously exposed employee credentials, and misconfigured cloud networks were used by attackers nearly 20% of the time.
Traverse City, Michigan — It’s no secret that data breaches are a nuisance and an unfortunate part of doing business. According to a new IBM study, they are also very expensive.
The 2020 Cost of a Data Breach Report, sponsored by IBM Security and conducted by the Ponemon Institute, found that data breaches cost organizations $3.86 million on average, and that compromised employee accounts were the most expensive root cause.
The study, which looked at data breaches at over 500 global organizations and interviewed more than 3,200 security professionals at organizations that suffered a data breach last year, found that 80% of these breaches resulted in the exposure of customers’ personally identifiable information. Those kinds of breaches were the costliest to remedy, the study found.
Stolen or compromised employee credentials, along with cloud misconfigurations, were the most common cause of a data breach. Nearly 40% of malicious data breaches were caused by those incidents.
According to the report, one out of five breaches was due to an attacker using previously exposed employee credentials.
Misconfigured cloud networks were used by attackers nearly 20% of the time, increasing breach costs by more than $500,000.
State-sponsored attacks, which represent just 13% of breaches studied, were the most damaging, according to the report, leading ot an average cost of $4.43 million.
IBM found that advanced security technologies like artificial intelligence, automation, machine learning, analytics and others can help organizations save money in the event of a breach. Specifically, that’s a cost-saving difference of $3.58 million for organizations with fully-deployed security automation versus those without.
In addition, incident response preparedness can help keep costs low when responding to a data breach. Organizations with neither an incident response team nor plans saw an average of $5.29 million in breach costs, compared to $2 million at organizations that have both an incident response team and simulations.
“When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies,” said Wendi Whitmore, vice president, IBM X-Force Threat Intelligence. “At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data. Security automation can help resolve this burden, not only supporting a faster breach response but a more cost-efficient one as well.”
This article originally ran in CS sister publication MyTechDecisions.com. is TD’s web editor.