Data breaches are one of the most serious threats facing businesses today. A data breach occurs when unauthorized parties access, steal, or expose sensitive information, such as customer data, employee records, intellectual property, or financial transactions. Data breaches can have devastating consequences for the affected organizations, such as reputational damage, legal liability, regulatory fines, customer churn, and loss of revenue.
According to a global study by IBM Security and Ponemon Institute, the average cost of a data breach in 2023 was $4.45 million, a 15% increase over the last three years. The study analyzed the real-world experiences of more than 500 organizations that suffered a data breach between August 2022 and April 2023. The study found that data breaches became more costly and harder to contain due to the drastic operational shifts during the pandemic, such as the rapid adoption of remote work and cloud computing.
In this article, we will explore some of the key findings and insights from the IBM study (the IBM Cost of a Data Breach report) and provide some recommendations on how to prevent and mitigate data breaches.
What are the main causes and factors of data breaches?
The IBM study identified the following trends and patterns among the data breaches studied:
- The most common root cause of data breaches was compromised credentials, accounting for 20% of the incidents. This means that attackers were able to access the systems or networks of the organizations by using stolen or weak user credentials, such as usernames and passwords. This highlights the importance of enforcing strong password policies and implementing multifactor authentication for all users.
- The most common type of data exposed in data breaches was customer personal data, such as name, email, password, and payment information. This type of data was involved in 44% of the breaches, followed by customer health information (18%), employee personal data (14%), and intellectual property (12%). Customer personal data is highly valuable for cybercriminals, as they can use it for identity theft, fraud, phishing, or selling it on the dark web. Therefore, organizations need to protect this data with encryption, masking, and access control.
- The most costly data breaches were those that involved healthcare, retail, hospitality, and consumer manufacturing/distribution industries. These industries faced huge operational changes during the pandemic, which may have increased their vulnerability to cyberattacks. Healthcare breaches were the most expensive, costing $9.23 million on average, a $2 million increase from the previous year. This reflects the high value and sensitivity of health data, as well as the strict regulatory compliance requirements for this sector.
- The most significant factor that increased the cost of a data breach was the time to identify and contain the breach. The average time to identify a breach was 239 days, and the average time to contain a breach was 82 days. The longer it takes to detect and respond to a breach, the more damage it can cause, as the attackers can access more data, disrupt more operations, and evade more defenses. The IBM study found that breaches that took more than 200 days to identify and contain cost $4.87 million on average, while those that took less than 200 days cost $3.61 million on average.
What are the best practices and technologies to prevent and reduce data breaches?
The IBM study also provided some valuable recommendations and insights on how to prevent and reduce data breaches, based on the experiences and actions of the organizations studied. Some of the key takeaways are:
- Invest in security AI and automation. The IBM study found that organizations that used security AI and automation extensively saved $1.76 million on average compared to those that did not. Security AI and automation can help organizations detect and respond to threats faster and more efficiently, by using advanced analytics, machine learning, and orchestration tools. For example, IBM Security QRadar SIEM uses AI to rapidly investigate and prioritize high-fidelity alerts based on credibility, relevance, and severity of the risk. IBM Security Guardium features built-in AI outlier detection that enables organizations to quickly identify abnormalities in data access.
- Adopt a hybrid cloud approach. The IBM study found that 82% of the breaches involved data stored in the cloud, as more organizations moved their data and applications to cloud-based platforms during the pandemic. However, not all cloud environments are equally secure, and organizations need to adopt a hybrid cloud approach that provides visibility and protection across multiple clouds, databases, apps, and services. The IBM study found that organizations that implemented a hybrid cloud approach had lower data breach costs ($3.61 million) than those that had a primarily public cloud ($4.80 million) or primarily private cloud approach ($4.55 million). IBM Security Guardium helps organizations uncover, encrypt, monitor, and protect sensitive data across more than 19 hybrid cloud environments to give them a better security posture. IBM data security services provide organizations with advisory, planning, and execution capabilities to secure their data, whether they are migrating to the cloud or need to secure data already in the cloud.
- Implement an incident response plan and test it regularly. The IBM study found that organizations that had an incident response (IR) team and tested their IR plan regularly saved $2.03 million on average compared to those that did not. An IR plan is a set of policies and procedures that define the roles and responsibilities of the IR team, the steps to follow in the event of a breach, and the tools and resources to use. Testing the IR plan regularly helps the IR team to identify and address any gaps or weaknesses in the plan, and to improve their skills and readiness. IBM Security offers a range of IR services and solutions, such as IBM Security X-Force Incident Response and Intelligence Services (IRIS), IBM Security Resilient, and IBM Security SOAR, to help organizations prepare for, respond to, and recover from data breaches.
- Train and educate employees on security awareness and best practices. The IBM study found that human error, such as misconfigurations, lost devices, or phishing attacks, was the root cause of 19% of the data breaches. Therefore, organizations need to train and educate their employees on how to avoid common security mistakes and how to recognize and report suspicious activities. The IBM study found that organizations that provided security awareness training to their employees saved $0.72 million on average compared to those that did not. IBM Security offers a variety of security education and training solutions, such as IBM Security Learning Academy, IBM Security Skills Framework, and IBM Security Awareness Training, to help organizations develop and maintain a security-savvy workforce.
Data breaches are a serious and costly threat for businesses of all sizes and industries. The IBM study revealed some of the main causes and factors of data breaches, as well as some of the best practices and technologies to prevent and reduce them. By following these recommendations, organizations can improve their security posture and resilience, and protect their data, customers, and reputation from cyberattacks.