The IBM report, now in its 17th year, illustrates just how expensive breaches are, and it makes for scary reading.
The topline findings from the IBM report are:
- Data breach costs rose from $3.86 million to $4.24 million per company in the last year;
- Lost business represents 38% of the data breach costs;
- Compromised credentials attacks account for 20% of breaches;
- The average number of days to identify a breach was 287;
- There was an 80% cost difference (reduction) where AI and automation were deployed.
The IBM report also proves what we have been saying for months: the increase in cost due to remote working was $1.07 million.
The costs presented in the IBM report do not come only from ‘successful’ ransomware attacks (they accounted for just 8% but were pretty effective); they also cover the knock-on effects in key areas such as regulatory burdens, reporting, loss of business, downtime and getting back customers who had fled because of the breach.
The numbers in the IBM report are scary enough, but set against a background of escalating attack sophistication, it is hard to see how companies can keep up and stay protected.
The amount of old infrastructure, old processes, and even older systems still out there (Colonial Pipeline as an example) means that the level of investment needed to upgrade them, let alone maintain them, is a daunting prospect.
We are also at a stage where human cost is a significant factor. IT and security personnel are stressed out, feeling guilty and responsible if their company suffers a breach, and even avoiding the problem and turning off alerts. The IBM report will not help their mental health.
As the range of attacks (from phishing attacks to nation-sponsored attacks on governments) increases, it is clear that something must be done. Hopefully, governments and IT professionals will read the IBM report because they must help fix this serious and growing problem.
The IBM report is entitled ‘Cost of Data Breach’ and can be found, free, here.