The price tag for a data breach went up this year, way up. Although the global average cost per breach is now a whopping $3.86 million, the average cost for the U.S. is $8.64 million, the most expensive in the world. IBM’s “2020 Cost of a Data Breach” report sheds light on the growing financial costs of a breach, which have increased by more than $2 million each over the past two years. The report also finds that employees are the costly reason behind enterprise data breaches. That’s because employee error leads to compromised accounts, and compromised accounts are exploited, resulting in data breaches.
The IBM report looks at other factors impacting a breach and how they can increase or lower the financial cost to the enterprise, as well as the number of stolen customer data files. The extent of damage to an enterprise is reflected in security protocols and in the technology that can help prevent a malicious breach. To sum it up, the total price tag ultimately depends on the action, or inaction, of the enterprise and the extent of the security precautions it has in place to counter data breaches.
Data Breach Average Overview
- The average global cost of a data breach is $3.8 million. U.S. breaches hit that out of the park at $8.64 million.
- 52% of data breaches are caused by malicious attacks.
- 34% of malicious incidents are caused by credential compromise and cloud server misconfigurations, split evenly at 17% each.
- 70% of respondents say remote work increases the cost of a data breach.
Data Breach Costs on Average
- Over 8.5 billion records were exposed last year, at a cost of $150 per customer record.
- $137 thousand added to cost due to employees working remotely.
- It takes 280 days to identify and contain a data breach.
Data Breach Savings on Average
- Savings of $2 million plus for enterprises with an IR (incident response) team that tested their IR plan vs. those with no IR team or testing.
- $3.86 million savings for enterprise with fully deployed security automation vs. those with no automation deployed.
- $1 million savings when a breach is contained in less than 200 days.
Keep a couple of points in mind. While it all sounds gloomy, there are actions to take, such as installing perimeter tools like antivirus technology, anti-spam filters, and of course firewalls and intrusion detection and prevention systems. There is also a less technological mitigation tool: security awareness training. Take some time to teach employees, staff, and consultants about the evolving security risks and how to avoid them. There are many ways to do this, including having someone on staff provide the training or hiring an outside company to provide it for you. There are also service providers who will create training courses that can be delivered to the staff at your convenience.
Phishing is still the most common way breaches occur. The users are the end of the line for preventing many attacks. If users know how to identify these attacks, they can avoid letting loose the latest ransomware into your network. If they understand how important patching is, they will be more willing to make sure it gets done on their workstations.
Continuous and ongoing awareness training just might be the ticket to keeping your breach costs in your organization’s bank account.