4 ways to reduce financial losses from a data breach

Arjuna Kodisinghe - Fotolia

Digital transformation is the business norm today, but it comes at the price of major cyber threats like data breaches and ransomware attacks. If these risks are not managed or mitigated appropriately, they can result in major financial setbacks for organizations.

Ponemon Institute and IBM recently examined data breach costs involving 553 breaches and 20 mega breaches (defined as 1 to 60 million records stolen) across 16 countries. The annual study revealed some alarming facts:

1. Destructive attacks drive data breach costs to new highs

Data breaches now cost $4.45 million per average, a 15% higher rate than three years ago. ($3.86 million in 2020). More than half of cyberattacks involve either a level of destruction rendering systems inoperable, or a ransomware attack that extorted an exorbitant sum. The average ransomware cost has jumped 13% in the last 12 months, from $4.54 million in 2022 to $5.13 million in 2023.

2. Organizations with security complexity pay a steeper price
Organizations that struggle with complex security systems and face a shortage of security skills have a significantly higher cost of data breach. For example, those that reported low security system complexity reported an average data breach cost of $3.84 million, while those with higher levels of complexity reported an average cost of $5.28 million.

3. Software supply chain attacks cost more and take longer to identify and contain

IBM examined attacks that originated from the software supply chain where threat actors infiltrate a software vendor's network and deploy malicious code to compromise systems and users. Around 12% of organizations experienced such an attack and paid $4.63 million, which is 8.3% more than the average cost of a data breach due to another cause ($4.26 million). Researchers also discovered that it took 294 days to contain a software supply chain breach, which is 8.9% longer than it took to contain a breach due to other causes (269 days). 

4. Majority of breaches involve cloud environments

Most breaches (82%) had data stored either on a public cloud, a private cloud or across multiple cloud environments. What's more, hybrid environments (where data spans cloud and on premises) are the largest contributor of breaches at 39%. The average cost of a data breach in a hybrid setup is $4.75 million, which is 6.5% higher than the global average of $4.45 million. It also takes longer to contain breaches in hybrid clouds, requiring 291 days, or 14 days more than the global average of 277. 

5. Most initial attack vectors are human-related, not technology-related
Despite organizations increasing investments in security technology, breaches continue to be successful. The study helps explain why phishing and stolen (or compromised) credentials are two of the biggest initial attack vectors or root causes responsible for 16% and 15% of breaches, respectively. Other leading initial attack vectors such as cloud misconfiguration (11%), business email compromise (a form of phishing, 9%) and known unpatched vulnerabilities (5%), are considered human-related.

How can organizations mitigate the financial impact of data breaches?

Recommended below are best practices organizations can adopt to prevent and mitigate the financial impact related to data breaches:

1. Adopt a DevSecOps approach:  DevSecOps implies that from the initial architecture design, security must be involved across applications, networks, cloud implementations and anything from an IT perspective. Controls must be tested and reviewed regularly, whether its pen testing, vulnerability scanning, adversary simulation exercises, or detection and response mechanisms. Organizations that use a DevSecOps approach can realize $1.7 million lower average data breach costs.

2. Implement a single-pass architecture:  Using siloed security controls from multiple providers can complicate management and lessen visibility. Models such as single-vendor SASE converge wide-area networking (WAN) with a battery of security functions such as web gateways, zero trust network access, and intrusion prevention systems – driving the need to reduce complexity and human error. Security teams gain visibility and control over the IT estate since SASE ingests network flows from every device, user, application, and system, including IoT (Internet of Things). In case of zero-day threats, organizations can coordinate their defenses in a centralized manner, consequently lowering the cost of a data breach.

3. Use AI and automation: A security skills shortage is real and not being fulfilled anytime soon. Artificial intelligence and automation can be leveraged to scan and detect malicious activities and anomalies, faster, cheaper and at scale. Automation frees up employees so they can focus on tasks such as interpreting security signals, fine-tuning AI algorithms or responding to security threats. 

4. Know the attack surfaces, practice incident response: Cyberattacks aren't a question of if, but when. Organizations need to understand their attack surfaces (internal, external, third-party) and evaluate their security defenses and weak spots regularly. They must train employees to build security instincts such as the ability to identify and report social engineering and phishing attacks, because most breaches trace back to human error. Regularly rehearse incident response plans.

Failure to manage risks appropriately can result in substantial financial losses. If organizations can understand their attack surfaces well, follow security-by-design approaches, reduce security complexity, leverage AI and consistently practice incident response plans, they can secure a better position to mitigate costly data breaches.