IBM Security recently announced the results of a global study which found that data breaches had cost surveyed companies over $4m per incident on average – the highest cost recorded in each of the 17-year history the IBM report has been produced.
The in-depth analysis, which was based on real-world data breaches experienced by over 500 organisations, suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the Covid-19 pandemic, with costs rising 10% compared to 2020.
As the pandemic spread across the globe, businesses were forced to adapt their technology approaches at pace last year, with many companies encouraging or requiring employees to work from home. In addition, 60% of organisations moved further into cloud-based activities during the pandemic.
These new findings released suggest that security may have fallen behind these rapid IT changes, potentially hindering organisations’ ability to respond to data breaches. The annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analyzed by IBM Security, identified the following trends amongst the organisations studied:
Average cost of a data breach in 2021 was $4.24m (circa £3.15m).
That represents a 10% increase in cost year-on-year.
20% of all data breaches were caused by credentials being compromised.
The average cost of a compromised credentials data breach was $4.37m (circa £3.25m).
By industry: Data breaches in healthcare were most expensive by industry ($9.23m), followed by the financial sector ($5.72m) and pharmaceuticals ($5.04m). While lower in overall costs, retail, media, hospitality and the public sector experienced a large increase in costs vs. the prior year.
By country/region: The US had the most expensive data breaches at $9.05 million per incident, followed by Middle East ($6.93m) and Canada ($5.4m).
Time to respond: The average time to detect and contain a data breach was 287 days (212 to detect, 75 to contain), which is one week longer than the prior year report.
Mega breaches: Average cost of a mega breach was $401 million, for breaches between 50 million and 65 million records. This is nearly 100x more expensive than the majority of breaches studied in the report (which ranged from 1,000-100,000 records).
At Griffiths & Armour our risk management team regularly advise and support our clients by reviewing their cyber protections and insurance arrangements. We would also recommend any business or organisation that has not carried out a similar review recently does so as early as possible, especially in light of these findings. Our team are also available to discuss any questions you have on this subject. Please contact Greg Street below with any questions you have.
In addition, Griffiths & Armour can undertake cyber insurance assessments to assist your business to quantify your cyber exposures against probability. If you are a Griffiths & Armour client, you can access instant guidance on cyber risk management which is available by accessing your RMworks online risk management portal account. You can also find further information on RMworks or login to your RMworks account here.
Download a copy of the report:
If you know someone who’ll find this interesting, please share it...