In conjunction with the Ponemon Institute, IBM has released the latest edition of its annual “Cost of a Data Breach Report”, which is appearing for the 15th time in 2020. For the study, a large-scale survey was conducted in 17 countries to gather data from 3200 people employed at 524 companies across 17 different sectors.
According to the survey, the average total cost incurred from a data breach amounts to 3.86 million US dollars – surprisingly, this is slightly lower than last year’s average of 3.92 million dollars. Geographically, a data breach in the US is most expensive, and as far as the industry vertical is concerned, the healthcare sector is likely to suffer the highest losses. On average, 280 days pass before a data breach is detected and contained, while more than half of all data breaches are caused by malicious attacks.
The study shows that data sets containing personally identifiable information (PII) are compromised far more often than any others. The loss or theft of a data set including PII costs companies an average of 150 US dollars, and breaches caused by malicious attacks are even more expensive at 175 US dollars. Every fifth company (19 percent) that suffered a malicious data breach was infiltrated by means of stolen or compromised login details or credentials. At the same time, incorrectly configured cloud servers (also 19 percent) represent the most common initial threat vector for breaches caused by malicious attacks.
Mega data breaches generate astronomical costs
Companies affected by breaches involving more than a million data sets incurred costs far higher than the average. Data breaches of up to 10 million compromised data sets resulted in costs averaging 50 million US dollars. For incidents in which more than 50 million data sets were compromised, the average costs added up to 392 million dollars, more than 100 times higher than the average costs for a data breach.
Most malicious attacks came from financially motivated cyber criminals; however, breaches brought about by state-sponsored actors resulted in the highest costs, according to Ponemon and IBM. It is suspected that 53 percent of the malicious attacks included in the 2020 study can be attributed to cyber criminals with a financial motive, compared with 13 percent carried out by state-sponsored players, 13 percent by hackers and 21 percent by unknown actors. Phishing, business email compromise and social engineering remain among the most common methods of raiding the data of companies.
That’s why powerful protection for the company’s email infrastructure, whether on-premises or in the cloud, is as essential as regularly sensitizing users about dealing carefully with emails, especially those coming from a previously unknown source. The Secure Email Platform offered by Retarus is included by Forrester Research in its new “Now Tech: Enterprise Email Security Providers, Q3 2020” report as the only independent, fully-fledged secure email gateway based in Europe – not so inconsequential in the light of the recent decision by the EU Court of Justice to strike down the “Privacy Shield” data protection deal with the USA as invalid with immediate effect.