IBM Security

The cost of data protection incidents has risen to record highs, and it takes companies longer to detect such security incidents than ever before, IBM said in a recent study. Changes in epidemic management play a major role in the deterioration of indicators, but digital transformation technologies can also help to improve the situation. According to one of the encouraging results of the analysis, the price of data breaches has decreased in non-trust organizations introducing artificial intelligence and hybrid clouds . Last year, companies spent an average of $ 4.24 million worldwide on handling a data protection incident, according to a recent IBM Security report (2021 Cost of a Data Breach Report), an increase of 10 percent over the previous year, and this is the seventeenth time. the highest value in the history of the study. The time required to detect and rectify the data breach also increased to 287 days, ie one week longer in one year than in the previous report. According to the researchers, this can be explained by the drastic changes in the way companies operate, which were cited before the COVID-19 pandemic. To prepare the report, IBM Security, with the help of the Ponemon Institute, analyzed real-life privacy incidents from more than 500 companies worldwide that affected less than 100,000 data sets between May last year and March this year. (The study also analyzes very large mega-incidents involving 50-65 million data sets in a separate chapter, but these were not taken into account when calculating the averages presented here.) Accurately showing all legal, compliance, technical and business costs of a data breach is an extremely complex task. , the study, which takes into account hundreds of factors, therefore provides valuable guidance to companies. The greater the change in the epidemic faced by industry players, the more the costs of data breaches have flown away, this year’s report showed. The average amount of damage in health care was by far the highest during the period under review, at $ 9.23 million per privacy incident, up $ 2 million from the previous year. Also in the financial sector, the data breach cost $ 5.72 million, exceeding the global average, and in the pharmaceutical industry, $ 5.04 million. Although their cost level is lower, trade, media, hospitality and public sector actors have also faced significant increases in data protection incidents. Many companies have been forced over the past year to suddenly change their technology support, encourage or instruct their employees to telecommute, and direct their customers to online channels. According to the IBM Institute for Business Value, 60 percent of organizations have stepped up their cloud-based activities as a result of the pandemic, but cyber security requirements have been pushed into the background during the rapid transformation of the IT environment and weakened. Nearly 20 percent of companies surveyed reported telecommuting as a factor in data protection incidents, and these events cost $ 1 million more ($ 4.96 million) than non-telecommuting cases, and cost 15 percent more than data breaches in general. Data protection incidents suffered during cloud migration projects were 18.8 percent higher than average, but companies that are at a more advanced, mature stage in implementing their cloud modernization strategy have detected and responded to such events earlier – on average 77 days less than organizations in the early stages of cloud deployment Attackers use stolen user IDs most often in privacy incidents, and such personal information — name, email address, password — is most often compromised during security incidents. Analysts say the two trends are mutually reinforcing as attackers gain more and more identities, leading to even more privacy incidents. Nearly half of the data breaches investigated (44 percent) involved customers’ personal information, such as name, email address, password, or even health information, and the study found that data sets exploited by attackers most often fell into this category. Also, the loss of customer personally identifiable information (PII) costs the most, at $ 180 per data set, while the cost of incidents per data set averages $ 161. In 20 percent of privacy incidents, attackers used stolen IDs, making it the most commonly used method by criminals in the analysis. In addition, companies detected this type of data breach the slowest in 250 days, while the average incident detection time was 212 days. Given that 82% of users recycle and use their passwords for multiple accounts, identifiers that are both a tool and a target for data breaches are highly vulnerable and carry complex risks that companies should not lose sight of.

Cost-saving intelligence and automation

Although the transformation of the IT environment in the epidemic situation has increased the cost of data breaches, organizations that do not launch digital transformation projects at all have actually paid a higher price for such incidents. In their case, the cost of a data breach was 16.6 percent, or $ 750,000, higher than for organizations that digitally transform their operations. Artificial intelligence, security analytics, and encryption proved to be the best factor in reducing the cost of privacy incidents, saving the companies surveyed between $ 1.25 million and $ 1.49 million each in handling a security incident. And when analyzing cloud-based data breaches, the researchers found that the average cost of data breaches ($ 3.61 million) was lower for companies using the hybrid cloud approach than for primarily public cloud ($ 4.80 million) or private cloud ($ 4.55 million). organizations Data protection incidents have also been handled more effectively by companies using a zero trust approach. Their strategy is based on the assumption that both user IDs and the networks themselves can be compromised and corrupted, and therefore use artificial intelligence and analytics tools to continuously monitor and validate the relationships between users, data, and resources. The cost of organizations with a mature zero trust practice was $ 3.28 million per data protection incident – $ 1.76 million less than organizations that would not have taken such an approach. The study further finds that compared to the previous year, more organizations have made progress in automating cyber defense last year, achieving significant savings. Sixty-five percent of the companies surveyed partially or fully automated their security environment, compared to 52 percent two years ago. The cost to organizations that fully automate their cyber defense was $ 2.90 million per data breach, while for non-automation companies, the bill more than doubled to $ 6.71 million. For companies that also invest in testing their incident management plan, the average cost of data breaches also proved to be half as high as for organizations that do not spend on testing. According to analysts, digitization, which is consistent with security from the outset, can therefore be shown to pay off in this way as well. Hardware, software, tests, curiosities and colorful news from the IT world by clicking here