Key Findings in the 2020 Cost of a Data Breach Report
Recently, IBM Security published the 15th iteration of the annual “Cost of a Data Breach Report,” researched by the Ponemon Institute. This report details the financial consequences of cybersecurity incidents on businesses. Additionally, it looks at historical data for trends in data breach causes.
The report analyzed over 500 breaches between August 2019 and April 2020, occurring around the world and enterprise industries. Currently, the average cost of a data breach stands at $3.86 million, which represents a 1.5 percent decrease from 2019 ($3.92 million). Meanwhile, the average time to identify and contain data breaches numbers at 280 days. As previously established, the longer it takes to discover and close a breach, the more it costs.
Solutions Review read through the report. Here’s what we found.
What Increases the Cost of a Data Breach? What Decreases It?
The 2020 Cost of a Data Breach also explores the factors which increase and decrease the cost of a data breach on enterprises. Also, it looks at what causes a delay in discovering a data breach in the first place.
Of course, one of the most relevant to the 2020 report is the necessary shift to remote work to limit the spread of COVID-19. According to Ponemon and IBM Security, 76 percent of respondents whose organizations shifted to work-from-home suspect that working from home could increase the time to identify and contain a breach. Another 70 percent of respondents expect that work-from-home could increase the cost of a data breach. On top of these factors, enterprises struggling with the cybersecurity skills shortage suffered from an increase in average cost of $257,000.
However, the report does list the means by which enterprises can limit the costs of a potential breach. For example, businesses that engage in red team testing reported their average costs are $243,000 lower. Additionally, organizations with vulnerability testing experienced an average of $173,000 fewer in costs.
Security Automation and Incident Response
The 2020 Cost of a Data Breach Report illustrates the importance of security automation and incident response. Both can help detect a data breach faster, and thus begin the containment process in a timely fashion. Businesses that deployed security automation technologies such as artificial intelligence and machine learning reported an average data breach cost of $2.45 million. By contrast, organizations with no security automation averaged $6.03 million.
Enterprises appear to be recognizing this fact, as 59 percent of organizations now deploy security automation, compared to 52 percent in 2019.
What Causes a Data Breach?
In addition to calculating the costs of a data breach, the 2020 report details the most common attack vectors. These include compromised credentials and cloud misconfigurations, the two most prevalent attack vectors. The third most common is vulnerabilities in third-party software. Moreover, these three attack vectors are among the costliest, all of them averaging at over $4 million.
Meanwhile, ransomware and destructive attacks prove more expensive than average breaches. Both cost an average of over $4 million.
How to Learn More
Check out the Solutions Review Endpoint Security Buyer’s Guide for more on the top vendors. Also, we explore the top critical capabilities and provide a Bottom Line analysis on each provider.