Falling victim to a data breach can be devastating for a company’s reputation as well as to its bottom line with each breach costing companies $3.86m per breach according to a new report from IBM.
To compile it’s new 2020 Cost of a Data Breach Report, IBM Security and the Ponemon Institute interviewed more than 3,200 security professionals from over 500 organizations worldwide that suffered a data breach over the past year.
The report found that businesses that had deployed security automation technologies, which leverage AI, analytics and automated orchestration to identify and respond to security events, experienced less than half the data breach costs than those who didn’t at $2.45m per breach as opposed to $6.03m on average.
When it came to the most common causes of data breaches among the businesses surveyed in IBM’s report, stolen or compromised credentials and cloud misconfigurations were responsible for almost 40 percent of malicious incidents. The report also revealed that attackers took advantage of cloud misconfigurations to breach networks nearly 20 percent of the time.
While the average cost of a data breach decreased by 1.5 percent when compared to last year, mega breaches where over 50m records were compromised saw costs jump from $388m to $392m this year. Additionally, breaches where 40 to 50m records were exposed cost the companies in IBM’s report $364m on average, representing a $19m increase compared to last year’s report.
Of the different types of data breaches studied in the report, breaches believed to originate from nation state attacks were the costliest. State-sponsored attacks cost organizations $4.43m in data breach costs on average making them more expensive than attacks carried out by financially motivated cybercriminals and hacktivists.
Vice president of IMB X-Force Threat Intelligence, Wendi Whitmore provided further insight on the report’s findings in a press release, saying:
“When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies. At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data. Security automation can help resolve this burden, not only supporting a faster breach response but a more cost-efficient one as well.”