Every year IBM Security and the Ponemon Institute release their Cost of a Data Breach report based on in-depth interviews with over 500 companies around the world. The report takes into account hundreds of factors to calculate the cost of a data breach. More importantly, the report highlights ways that organisations can mitigate the cost of a data breach and improve their cybersecurity. This year’s report shows the average cost of a data breach to be a staggering $3.92 million. With such huge potential loses, it’s vital to understand the risk and how they can be avoided. Read on for all the highlights from this year’s report.
As always, the report analyses factors such as technical activities, customer turnover and the drain on employee productivity to calculate its figures. Each year, research evolves to take into account the changes in technology, regulations and security protocols. However, now in its 14th year, the report also includes historical data to show metrics over several years. New areas within the report this year include:
This year’s report delivered the following key findings:
While the report found that factors such as cloud migration, IT complexity and third-party breaches increased the cost of a data breach, it also revealed ways that the costs can be mitigated. Organisations who implement the likes of encryption, data loss prevention, threat intelligence sharing and DevSecOps experienced lower-than-average data breach costs. Encryption had the most significant impact, lowering costs by approximately $360,000.
Another factor that greatly mitigates the total cost of a data breach is an organisation’s ability to respond. For businesses with an incident response team following a well-tested response plan, costs were reduced by an average of $1.2 million. Ultimately, teams who tested their response plan were able to respond faster and contain the breach sooner.
Finally, the integration of security automation, using solutions with artificial intelligence, machine learning, and advanced analytics, resulted in significantly lower costs. In fact, organisations without security automation experienced costs that were 95% higher than those with fully-deployed automation.
The 2019 report also found that the chance of experiencing a data breach within two years has risen to 29.6%. As organisations are now nearly one third more likely to experience a breach than they were in 2014, increasing your cybersecurity posture is fundamental.