80% of security breaches involve exposure of customer data - IBM

31 Jul 2020

Data breaches which compromise employee accounts have been found to be the most expensive, according to a new report from IBM Security, which also discovered that breaches in general cost companies an average of US$3.86 million per incident.

The figures are part of a study released today, based on analysis of more than 500 organisations worldwide, all of which have experienced some sort of data breach.

80% of surveyed organisations reported having exposed customers’ personally identifiable information (PII) as a result of a breach, and out of all types of data exposed in these breaches, customer PII was also the costliest to businesses.

Security automation a key player

One of the key findings of the report was the effectiveness of security automation. 

Companies that leverage AI, analytics and automated orchestration to respond to security events experienced less than half the data breach costs of those that didn't have these tools deployed – $2.45 million vs. $6.03 million on average.

Security response times were also reported to be ‘significantly shorter’ for companies with fully deployed security automation – these companies are as much as 27% faster than their counterparts at responding to breaches.

“When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies,” says IBM X-Force Threat Intelligence vice president Wendi Whitmore.

“At a time when businesses are expanding their digital footprint at an accelerated pace and the security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data.

“Security automation can help resolve this burden, not only enabling a faster breach response but a significantly more cost-efficient one as well.”

Credentials and misconfigured clouds - the entry point of choice

Stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach for the surveyed companies, at 40% of all incidents.

Attackers use cloud misconfigurations to breach networks almost 20% of the time, which can increase costs by more than $500,000 compared with last year’s report.

Additionally, the report found that attackers used previously exposed emails and passwords in 20% of all analysed breaches – prompting IBM to urge companies to re-examine their authentication protocols and consider a zero-trust approach.

State-sponsored attacks hit hardest

While they represent only around 13% of all malicious breaches, state-sponsored attacks were the most damaging, according to the report.

These types of attacks tend to target high-value data and thus result in a more extensive compromise of victim environments, with costs of breaches averaging around $4.43 million.

The energy sector, commonly targeted by nation-states, saw a 14% increase in breach costs when compared to the prior-year period, with an average breach cost of $6.39 million.
