Today’s ‘mega’ data breaches now cost companies $392 million to recover from
Today’s ‘mega’ data breaches now cost companies $392 million to recover from
IT Data Solutions
The average cost of a “mega” data breach has risen astronomically over the past year and enterprise players impacted by such a security incident can expect to pay up to $392 million.
Data breaches are a commonplace occurrence now and cyberattacks launched against companies have spawned a new cyberinsurance industry, the emergence of regulatory and class-action lawsuits against firms that fail to protect data, and new laws — such as the EU’s GDPR — that can be used to impose heavy penalties against data controllers with lax security.
Yet, the data breaches keep rolling in, some of which lead to the theft of consumer records for sale on underground forums and an increased risk of identities being stolen.
In order to tackle the aftermath of a data breach, organizations may need to spend funds on repairing systems and upgrading architectures, they may need to invest in new cybersecurity services and cyberforensics, and they may also face lawsuits or regulatory penalties — and the cost continues to increase year-on-year when customer PII is involved.
On Wednesday, IBM released its annual Cost of a Data Breach Report which says that the average data breach now costs $3.86 million. While this average has decreased by 1.5% in comparison to 2019, when over 50 million consumer records are involved, these “mega” breaches can cost up to $392 million to remedy, up from $388 million in 2019.
If an organization is acting as a data controller for between 40 and 50 million records, the cost on average is $364 million, and organizations could face a cost of up to $175 per consumer record involved in data theft or leaks.
The study, conducted by the Ponemon Institute, includes interviews with over 3,200 security professionals working at companies that have experienced a data breach in the past year.
Compromised employee and insider accounts, as highlighted by the recent Twitter hack, are one of the most expensive factors in data breaches today, bringing the average cost of a data breach up to $4.77 million. When insider accounts were involved, 80% of incidents resulted in the exposure of customer records.
In total, stolen or compromised account credentials — alongside cloud misconfigurations — account for close to 40% of security incidents.
IBM says that in one out of five breaches, compromised account credentials have been used as an entryway for attackers, leading to the exposure of over 8.5 billion records in 2019 alone. Cloud misconfigurations account for close to 20% of network breaches.
CNET: Apple’s new security program gives special iPhone hardware, with restrictions attached
The exploit of third-party vulnerabilities, such as zero-days or unpatched security flaws in enterprise software, are also a costly factor in data breaches. An enterprise company that suffers a data breach due to such vulnerabilities can expect to pay up to $4.5 million.
