As technology continues to transform the business landscape, the threat of data breaches looms larger than ever before. In an era marked by escalating cyber threats and data breaches, businesses worldwide find themselves at a crossroads when it comes to cybersecurity investment.

The 2023 Cost of a Data Breach report by IBM reveals that the average cost of a data breach has reached an all-time high globally - US$4.45 million in 2023. This is a 15% increase over the last 3 years. However, only 51% of the surveyed organizations that have experienced more than 1 breach plan to increase their security investments, which include incident response planning and testing, employee training, and threat detection and response tools. Rather, 57% of the surveyed organizations are more likely to pass incident costs on to their consumers. This is worrying given the increasingly sophisticated tactics that cybercriminals are employing.

In ASEAN

The average data breach cost in ASEAN has also reached a record high of US$3.05 million per incident, with the financial and energy sectors having the highest average cost per breach - US$4.81 million and US$3.60 million respectively.

Key Findings

1. Security AI & Automation Speeds Breach Identification & Containment

“Time is the new currency in cybersecurity both for the defenders and the attackers” - Chris McCurdy, General Manager, IBM

Early detection and a fast response significantly reduce the impact of a breach. Security AI and automation had the biggest impact on the speed of breach identification and containment for the surveyed organizations. Organizations that heavily utilized both AI and automation experienced a data breach lifecycle that was 108 days shorter than that of organizations that did not deploy these technologies (214 days versus 322 days). Hence, investments in threat detection and response that help accelerate speed and efficiency, such as security AI and automation, are essential.
AI and automation are among the biggest cost and time saving factors in the report.

2. Security AI & Automation Are Cost Saving

Organizations that deployed security AI and automation, which on average shortens the breach lifecycle, experienced significantly lower incident costs than those that did not. They saved an average of US$1.76 million compared to those that had limited or no use. This is the biggest cost saver identified in the IBM report. This is especially important as threat actors have reduced the average time to complete a ransomware attack. With 40% of surveyed organizations not deploying security AI and automation, there is room for organizations to improve their security posture by boosting detection and response speed.

3. Reporting to Law Enforcement Lowers Costs

Many organizations that have been ransomware victims have the misconception that involving law enforcement would drive up their incident costs. Among surveyed organizations that were ransomware victims, 37% preferred not to involve law enforcement, and 47% paid the ransom. In fact, the opposite is true: paying the ransom and avoiding law enforcement drives up the cost. The IBM report found that ransomware victims that involved law enforcement saved US$470,000 in average costs of a breach, compared to those that did not involve law enforcement. Furthermore, they experienced an average breach lifecycle that was 33 days shorter than that of victims that did not involve law enforcement. This shows that paying the ransom and not involving law enforcement not only drives up your data breach cost but also slows your response to the breach.

4. Detection Gaps

Although defenders were able to stop a higher proportion of ransomware attacks, threat actors are still consistently finding ways to slip through security defenses.
IBM reports that the surveyed organizations' internal security identified just 33% of breaches, while neutral third parties such as law enforcement identified 40% of breaches, and the remaining 27% of breaches were disclosed by the attackers. However, organizations that discovered the breach themselves saved nearly US$1 million in breach costs compared to those whose breach was disclosed by the attacker (US$4.3 million and US$5.23 million respectively). Furthermore, breaches disclosed by the attacker had a lifecycle nearly 80 days longer than breaches that organizations discovered internally (320 days vs 241 days). The significant cost and time savings that come with early detection show that investing in strategies that enable it will pay off in the long run. Threat detection and response tools, employee training, and incident response planning and testing are good strategies for doing so.

Other Important Findings

1. Multiple Environments Led To Higher Breach Costs
39% of data breaches studied resulted in the loss of data stored across multiple environments (the cloud and on premise). These data breaches were not only costlier but also more difficult to contain than other types of breaches (i.e. just the cloud or solely on-premise storage). It took 292 days, 15 days longer than the global average, to contain the breach, and it contributed about US$750,000 more in average breach costs. Hence, organizations need to ensure that they are protecting all of their environments.

2. Healthcare Breach Costs Escalate

The average cost of the studied breaches in healthcare reached nearly US$11 million in 2023. This is a 53% increase in cost since 2020. This coincides with reports about the healthcare industry facing an alarming rise in cyber threats, with healthcare organizations becoming the top target for ransomware gangs. For more information, see this article: The Vital Importance of Cybersecurity in Healthcare: Safeguarding Lives and Data

3. Critical Infrastructure Breach Costs Escalate As Well

Surveyed critical infrastructure organizations experienced a 4.5% increase in the average breach cost compared to the previous year - from US$4.82 million to US$5.04 million. This is US$590,000 higher than the global average breach cost.

4. DevSecOps Approach Lowers Data Breach Cost

Surveyed organizations with a high level of DevSecOps had a global average cost of a data breach nearly US$1.7 million lower than those with a low level or no use of the DevSecOps approach.

About the Report

This report is based on the analysis of real-world data breaches at 553 organizations globally between March 2022 and March 2023, with thousands of individuals interviewed and cost factors analyzed.

Takeaway

The 2023 Cost of a Data Breach Report by IBM offers valuable insights into the current state of data breaches and their financial impact.
As the cyber threat landscape continues to evolve, organizations must prioritize cybersecurity measures to protect sensitive data and their reputation. By understanding the key factors influencing breach costs and embracing proactive cybersecurity strategies, businesses can bolster their resilience and defend against cyber adversaries. Let us heed the lessons from this report and work together to fortify our digital defenses, securing a safer and more prosperous digital future for businesses and consumers alike.

Securing Your Organization With TAFA

In the current cyber environment, organizations are facing increasingly sophisticated cyber threats. To protect against these threats, it is necessary to utilize cybersecurity solutions that can prevent zero-day and advanced cyber threats, and help ensure regulatory compliance.

With our prevention-first and zero-trust approach to security using Machine Learning (ML) and Artificial Intelligence (AI), TAFA Shield will strengthen your company's ability to prevent and block cyber attacks and threats. Not only do we protect your endpoints, but we also proactively detect and respond to cyber threats, provide managed SOC services to further improve your security posture, and provide you with professional cybersecurity services that deliver guidance, support and expertise in designing, implementing and managing cybersecurity solutions tailored to your specific needs.

Furthermore, with our comprehensive customized vulnerability assessment and penetration testing (VAPT) service, we not only ensure the safety and security of your organization’s operations and data, but also ensure that you meet the required industrial and regulatory compliance requirements.

To learn more about TAFA Shield and our VAPT service, and how we can help your company, do not hesitate to contact us.
© 2021, TAFA HOLDINGS (S) PTE LTD. ALL RIGHTS RESERVED