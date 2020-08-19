Globally, the average data breach cost companies $3.86 million this year, according to the annual Ponemon Institute report sponsored by IBM — a slight decline from the previous year.
Lost business costs accounted for nearly 40 per cent of the average total cost of a data breach, increasing from $1.42 million in the 2019 study to $1.52 million in the 2020 study. Lost business costs included increased customer turnover, lost revenue due to system downtime and the increasing cost of acquiring new business due to diminished reputation.
More than half of data breaches were caused by malicious attacks (52 per cent), the report shows. Companies spent an average of 286 days responding to and controlling data breaches. The country worst hit was the US.
Eighty percent of breached organisations stated that customer personally identifiable information (PII) was
compromised during the breach, far more than any other type of record. While the average cost per lost or stolen record was $146 across all data breaches, those containing customer PII cost businesses $150 per
compromised record. Those who were victims of malicious attack paid $175 per record.
With many companies working remotely in the pandemic, 70 per cent said remote work would increase the cost of a data breach and 76 per cent said it would increase the time to identify and contain a potential data breach. Having a remote workforce was found to increase the average total cost of a data breach of $3.86 million by nearly $137,000, for an adjusted average total cost of $4 million, the report said.
One in five companies (19 per cent) that suffered a malicious data breach was infiltrated due to stolen or compromised credentials, increasing the average total cost of a breach for these companies by nearly $1 million to $4.77 million. Human error was the cause of 23 per cent of breaches, and system glitches (25 per cent), were at an average total cost of $4.27 million.
Misconfigured clouds were a leading cause of breaches, the report continues. Alongside stolen or compromised credentials, misconfigured cloud servers tied for the most frequent initial threat vector in breaches caused by malicious attacks, at 19 per cent. Breaches due to cloud misconfigurations
resulted in the average cost of a breach increasing by more than half a million dollars to $4.41 million.