Market researchers at the renowned Ponemon Institute have once again been commissioned by IBM to gather and analyze substantial amounts of data regarding the cost of data breaches and leaks for their 2023 report. This time round, the data protection breaches examined in the report were drawn from 16 countries and 17 different sectors.
According to the Cost of a Data Breach Report 2023, the total global average cost of a data breach has risen to an all-time high of US$4.45 million, an increase of 2.3 percent over the US$4.35 million recorded in 2022. In fact, the average cost has grown by an eye-opening 15.3 percent when compared with 2020 (US$3.86 million).
For the 13th year in a row, data breaches in the highly regulated healthcare sector have proven most expensive. Here, a breach will set a company back US$10.93 million on average, 53.3 percent more than in 2020.
Only one in three data breaches was discovered by the internal teams or tools at the impacted company. In contrast, 67 percent were revealed either by neutral third parties or by the attackers themselves. In the latter case, the data breach ended up costing around a million dollars more than those identified internally.
Data stored in the cloud was targeted especially often by cyber criminals. An imposing 82 percent of the data breaches analyzed involved data stored in a cloud environment – public, private or multiple/hybrid. In 39 percent of the cases, the attackers gained access to multiple environments, pushing the cost up to US$4.75 million.
According to the report, companies can achieve the most significant savings in cyber security by integrating security testing as a fixed component of their software development approach (DevSecOps). Companies that have already taken this to heart got off more lightly than those with little or no DevSecOps integration, to the tune of US$1.68 million. The planning and testing of incident response (IR) procedures for data breaches also offer substantial potential for savings, resulting in reduced costs of US$1.49 million on average.
Complex security systems make data privacy breaches more expensive. Companies with little or no complexity in their systems came off considerably better, with data breaches costing US$3.84 million on average. In contrast, organizations with complex security systems forked out an above-average US$5.28 million, which represents an increase of 31.6 percent.
As in previous editions of the Cost of a Data Breach Report, the rule still applies: The later a data breach is detected, the more costly it becomes. Breaches discovered and contained within fewer than 200 days cost US$3.93 million on average, while those with a breach lifecycle of more than 200 days amounted to US$4.95 million on average – a difference of 23 percent.
From a regional perspective, data privacy incidents are by far the most expensive in the USA, where a data breach currently sets companies back by US$9.48 million on average (2022: US$9.44 million). Not far behind is the Middle East with US$8.08 million, followed at quite some distance by Canada (US$5.13 million). With an average cost of US$4.67 million, Germany comes in fourth on the list, while France and Italy occupy the 7th and 8th places with US$4.08 million and US$3.86 million respectively.
The most commonly employed initial attack vectors were phishing and stolen/misappropriated credentials, accounting for 16 and 15 percent of all breaches respectively. Phishing was the attack vector resulting in the second highest average costs at US$4.76 million, behind malicious insiders (US$4.9 million) but ahead of Business Email Compromise (BEC) with US$4.67 million.
Yet another reason to provide email, as a business-critical communication channel, with the best possible protection from attacks. For instance, with the Secure Email Platform and Email Security services offered by Retarus. You can find out more on our website or directly from your local Retarus representative.