Written by James Orme Tue 23 Jul 2019

Countries based in the Middle East are most susceptible to attacks

The average cost of data breaches has risen by 12 percent over the past five years, costing businesses $3.92 million on average, according to IBM’s annual Cost of Data Dreach report.

The report interviewed more than 500 companies that have suffered a breach in the past year to assess cost factors ranging from legal and regulatory activities to loss of customers and productivity.

Although the average cost of a breach stands at around $4 million, IBM found that breaches are significantly more costly for US organisations. The average cost of a breach in the US cost $8.19 million, more than double the worldwide average, a 130 percent increase since 2007.

Countries based in the Middle East are most susceptible to attacks, IBM said. The region reported nearly 40,000 breaches per incident compared to the global average of 25,500.

Malicious breaches

Deliberate cyber attacks are marginally more common (51 percent) than accidental attacks (41 percent), but their frequency has risen by 21 percent over the past six years and the costs associated with them are significantly larger.

Attacks perpetrated by criminals cost companies $4.45 million on average, $1 million more than the average cost of attacks caused by system glitches or errors.

“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services.

“With organisations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs.”

Cloud configuration

Inadvertent breaches from human error and system glitches cost companies $3.50 and $3.24 million on average, respectively, and IBM said a growing weak spot is misconfigured cloud servers.

“One particular area of concern is the misconfiguration of cloud servers, which contributed to the exposure of 990 million records in 2018, representing 43 percent of all lost records for the year according to the IBM X-Force Threat Intelligence Index,” the report reads.

As is to be expected, the larger the breach, the higher the bill. Breaches greater than 1 million records cost companies a projected $42 million in losses; and those of 50 million records are projected to cost companies $388 million.

IBM said speed and efficient incident response is the most effective way to reduce the overall costs of a data breach. Companies that detected a breach in fewer than 200 days shaved $1.2 million of its total cost.

“Having an incident response team in place and extensive testing of incident response plans were two of the top three greatest cost-saving factors examined in the study. Companies that had both of these measures in place had $1.23 million less total costs for a data breach on average than those that had neither measure in place ($3.51 million vs. $4.74 million),” the report reads.

The report also revealed that breaches are still most costly to healthcare organisations, costing them $6.5 million on average, 60 percent more than other industries.