Northdoor comment
Companies cannot lose focus on the threat of cybercrime after the increased costs of data breaches
According to the latest Cost of a Data Breach report from IBM, the cost for companies that have suffered a data breach has increased in 2022 to $4.35million. This is up 2.6 % from last year and an incredible 12.7 % from 2020.
Such a marked increase should be a warning to companies who have yet to fully appreciate the importance of identifying and closing vulnerabilities within their businesses. It is not just the cost of a breach that is increasing but also the level of sophistication that cybercriminals are using in their attacks.
It is not just the cost of a breach that is increasing but also the level of sophistication that cybercriminals are using in their attacks. Click To Tweet
Most companies suffer more than one data breach
Perhaps one of the most disturbing stats from the report is the huge percentage of companies that have suffered more than one breach. 83% of organisations have been impacted by more than one data breach, which comes at a cost to the customer.
Those companies hit by a breach have had to pass the associated cost onto customers, with 60% reporting that they had increased the price of goods and services.
When the cost of living rises and inflation increases, companies that suffer a data breach are impacted more than ever, this is something that cybercriminals are very aware of. Over the past three years, we have seen cybercriminals upping their efforts to take advantage of global events, including the pandemic, the war in Ukraine and the resulting economic crisis.
Suffering more than one breach also highlights how cybercriminals can identify where vulnerabilities lie within an organisation and take advantage quickly. Companies must do more to identify the vulnerabilities and shut them down before they are breached.
Suffering more than one breach also highlights how cybercriminals can identify where vulnerabilities lie within an organisation and take advantage quickly Click To Tweet
Ransomware remains the most expensive type of data breach
One of the main tactics used by cybercriminals is ransomware. This attack has been responsible for some of the most high-profile data breaches over the last year. It remains more expensive than the average cost of a breach, and although this has decreased slightly from last year, the cost still comes in at a massive $4.54million per attack.
More worryingly, the share of breaches caused by ransomware has grown since last year, up by 7.8 % from 2021 to 11 % in 2022- a growth rate of 41 %. This points to a real issue for businesses. Whilst any data breach is bad enough, ransomware attacks take more money, tend to be used in association with some of the most sophisticated attacks (such as phishing or Social engineering) and have a significant impact on a company’s reputation, to say nothing of the regulatory consequences.
New cybersecurity tactics are stopping cybercriminals in their tracks
Over the next few months, there is cause for optimism amongst some rather worrying stats. It seems that some of the new tactics implemented by many companies are affecting the success of cyber criminals and the impact of a breach.
For example, more companies are implementing a zero-trust approach to their cybersecurity. Zero-trust is where nothing inside or outside the corporate network is taken at face value. It wraps layered, proactive, and AI-powered around every user and every element in your infrastructure.
Those deploying zero-trust architecture grew from 35 per cent in 2021 to 41 per cent in 2022. The 59 % that did not deploy zero-trust incurred an average of $1 million more in breach costs. Those companies with mature zero-trust deployments had even better savings, with, on average, about $1.5 million lower than those at the initial stages of a zero-trust program.
Security AI and automation solutions significantly reduce breach costs
As with those companies implementing AI-powered zero-trust policies, the use of other AI and automated solutions has also risen, with 70 % now using such technology. This marks an 18.6 % growth rate from 2020.
For those fully deployed AI and automation solutions, breach costs were significantly reduced. They had $3.05 million less in fees than organisations with no AI or automation.
The ROI is very clear from this stat. Taking the responsibility away from one or two individuals within an organisation’s automated process also means that an organisation is less likely to be breached and remain in line with regulations.
IT consultancies help remedy insufficient skills gaps within organisations
The implementation and management of zero-trust and other AI and automated solutions are impacting a business’s ability to fight off a cyber-attack or keep costs and consequences as low as possible if a cybercriminal did get through.
However, identifying and managing such solutions is a daunting, if not impossible, task for companies with small or no internal IT teams. This is backed up by the report, with just 38 % of organisations believing that their security team was sufficiently staffed.
This skills gap was associated with data breach costs that were $550,000 higher for understaffed organisations than those with sufficiently staffed teams.
However, this isn’t all bad news for those who cannot employ an entire team. Many are turning to IT consultancies with the experience and expertise to advise on the most appropriate cyber defences and implement and manage them. This allows smaller IT in-house teams to focus on other critical business functions whilst having peace of mind that the security is in the hands of a proactive and expert team.
Undoubtedly the consequences of being breached are more severe for organisations than ever. Cost, loss of reputation, impact on day-to-day business, and regulatory penalties are piling pressure on companies, and cyber criminals are keen to take advantage of increasingly sophisticated attacks. However, it is encouraging that more companies are implementing data solutions and strategies that impact their ability to defend themselves.
The key is ensuring that there is no complacency within organisations, as cybercriminals will constantly increase their efforts.
Download the report now and register for the IBM Security webinar to uncover some of the leading contributors to higher data breach costs and learn what proactive and responsive measures organisations can take to help mitigate the potential damages of a data breach.