Digital transformation is the business norm today, but it comes at the price of major cyber threats like data breaches and ransomware attacks. If these risks are not managed or mitigated appropriately, they can result in major financial setbacks for organizations.
1. Destructive attacks drive data breach costs to new highs
Data breaches now cost an average of $4.45 million, 15% more than three years ago. (
2. Organizations with security complexity pay a steeper price
Organizations that struggle with complex security systems and a shortage of security skills incur significantly higher data breach costs. For example, organizations that reported low security system complexity had an average data breach cost of $3.84 million, while those with higher levels of complexity reported an average cost of $5.28 million.
3. Software supply chain attacks cost more and take longer to identify and contain
IBM examined attacks that originated in the software supply chain, where threat actors infiltrate a software vendor's network and deploy malicious code to compromise downstream systems and users. Around 12% of organizations experienced such an attack and paid an average of $4.63 million, which is 8.3% more than the average cost of a data breach due to another cause ($4.26 million). Researchers also found that it took 294 days to contain a software supply chain breach, 8.9% longer than the 269 days needed to contain a breach due to other causes.
4. Majority of breaches involve cloud environments
Most breaches (82%) involved data stored in a public cloud, a private cloud or across multiple cloud environments. What's more, hybrid environments (where data spans cloud and on-premises infrastructure) account for the largest share of breaches at 39%. The average cost of a data breach in a hybrid setup is $4.75 million, which is 6.5% higher than the global average of $4.45 million. Breaches in hybrid clouds also take longer to contain, requiring 291 days, or 14 days more than the global average of 277.
5. Most initial attack vectors are human-related, not technology-related
Despite organizations
How can organizations mitigate the financial impact of data breaches?
Recommended below are best practices organizations can adopt to prevent and mitigate the financial impact related to data breaches:
1. Adopt a DevSecOps approach: DevSecOps means that security is involved from the initial architecture design onward, across applications, networks, cloud implementations and everything else in the IT estate. Controls must be tested and reviewed regularly, whether through pen testing, vulnerability scanning, adversary simulation exercises, or detection and response mechanisms. Organizations that use a DevSecOps approach can realize
2. Implement a single-pass architecture: Using siloed security controls from multiple providers can complicate management and lessen visibility. Models such as
3. Use AI and automation: The security skills shortage is real and will not be filled anytime soon. Artificial intelligence and automation can be leveraged to scan for and detect malicious activities and anomalies faster, cheaper and at scale. Automation frees up employees so they can focus on tasks such as interpreting security signals, fine-tuning AI algorithms or responding to security threats.
4. Know the attack surfaces, practice incident response: Cyberattacks aren't a question of if, but when. Organizations need to understand their attack surfaces (internal, external, third-party) and evaluate their security defenses and weak spots regularly. They must train employees to build security instincts such as the ability to identify and report social engineering and phishing attacks, because most breaches trace back to
Failure to manage risks appropriately can result in substantial financial losses. If organizations can understand their attack surfaces well, follow