Data breach expenses are escalating significantly due to investigations, as reported by IBM.
In the ever-evolving landscape of cyber threats, a new report by IBM Security, conducted by Ponemon Institute, sheds light on the rising costs of data breaches and the factors contributing to this trend.
The report, titled "The Cost of a Data Breach Report," reveals that the average cost of a data breach has increased by more than 15% since 2020, reaching nearly $1.6 million per incident. This increase is driven by several factors, including complex security systems, shadow AI, AI adoption risks, identity-based attacks, and compromised identities and supply chains.
In the U.S., average breach costs have reached record highs due to credential-related attacks, supply chain compromises, and insider threats. The report found that phishing and the exploitation of stolen or compromised credentials account for a significant portion of data breaches, with these two attack vectors accounting for 3 in 10 breaches.
John Dwyer, head of research at IBM Security X-Force, emphasized the need to fundamentally shift the goals and objectives of attackers to inhibit their cost-effective attacks. He also stated that the pressure to conduct a more thorough investigation to meet insurance, legal, and regulatory requirements is growing.
One of the key findings in the report is that the investigation phase of data breaches is the fastest growing and costliest category of data breach expenses. The longer a threat actor is in the network, the more expensive the breach becomes.
To reduce vulnerability to extortion-based attacks and mitigate associated costs, organizations should implement comprehensive, risk-based vulnerability management, prevent data theft and detect exfiltration attempts in real time, develop and enforce strong identity and access management controls, deploy AI and automation for threat detection and response, address staff and tool resource gaps, establish clear policies around AI use and shadow AI, and prepare an incident response plan.
By prioritizing these strategies, organizations can enhance their security posture, better defend against modern extortion tactics like double extortion ransomware, and ultimately lower both the likelihood and financial impact of data breaches.
The study researched more than 550 organizations impacted by data breaches between March 2022 and March 2023. Despite the increasing costs, the report did not indicate a shift in the objectives of attackers. However, John Dwyer warned that the complexity of data breaches is increasing, with the off tempo of the criminal contributing to the consistent year-over-year increase in costs.
The average cost of a data breach in 2021 was approximately $4.5 million per incident. The "Cost of a Data Breach Report" by IBM Security was released on Monday. To make data breaches so expensive for attackers that they are no longer worth the effort, it is crucial for organizations to take proactive measures and adopt the strategies outlined in the report. The window of opportunity for reducing the cost of data breaches is closing rapidly.
- The cost of a data breach has seen a significant increase due to various factors in cybersecurity such as complex security systems, identity-based attacks, and phishing incidents, with the latter accounting for 30% of data breaches.
- To address this growing trend, organizations should focus on implementing proactive measures, incorporating comprehensive, risk-based vulnerability management, preventing data theft, detecting exfiltration attempts in real time, and developing strong identity and access management controls.
- In the face of increasing data breach costs, it's imperative for financial institutions to adopt these strategies to strengthen their cybersecurity posture, defend against modern extortion tactics, and ultimately lower the likelihood and financial impact of data breaches.
