311 days — the average time to detect and contain a data breach


Thursday, 29 July, 2021


The average time to detect and contain a data breach in Australia over the past year was 311 days (219 to detect, 92 to contain), according to IBM Security's latest report.

The annual Cost of a Data Breach Report, conducted by Ponemon Institute and sponsored and analysed by IBM Security, surveyed 500 organisations around the world.

The report found that in Australia, data breaches cost companies an average of $3.7 million per incident (a nearly 10% increase over the previous year), the highest cost in the report’s 12-year history.

Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organisations moving further into cloud-based activities during the pandemic. The latest findings suggest that security may have lagged behind these rapid IT changes, hindering organisations’ ability to respond to data breaches.

Security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year. Below are the highlights from the report:

  • Data breaches in the financial sector were the most expensive by industry in Australia (AU$233 per record cost), followed by the technology sector (AU$224 per record cost) and services (AU$203 per record cost).
  • The shift to remote work led to more expensive data breaches, with global breaches costing over $1 million more on average when remote work was indicated as a factor in the event.
  • Australian companies that adopted a zero trust security approach were better positioned to deal with data breaches — those with a mature zero trust strategy had an average data breach cost of $2.73 million, which was $1.54 million lower than those who had not deployed this approach at all.
  • The global average cost of a mega breach was $401 million, for breaches between 50 million and 65 million records. This was nearly 100x more expensive than most breaches studied in the report (which ranged from 1000–100,000 records).
  • Stolen user credentials were the most common root cause of breaches in the study. At the same time, customer personal data (such as name, email, password) was the most common type of information exposed in data breaches — with 44% of breaches including this type of data.
  • The US had the most expensive data breaches at $9.05 million per incident, followed by the Middle East ($6.93m) and Canada ($5.4m).
  • Globally, data breaches in healthcare were the most expensive by industry ($9.23m), followed by the financial sector ($5.72m) and pharmaceuticals ($5.04m). While lower in overall costs, retail, media, hospitality and the public sector experienced a large increase in costs compared with the prior year.
     

“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” said Chris McCurdy, Vice President and General Manager, IBM Security.

“While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach — which may pay off in reducing the cost of these incidents further down the line.”

The adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools. For cloud-based data breaches studied, organisations that had implemented a hybrid cloud approach had lower data breach costs ($3.61m) than those who had a primarily public cloud ($4.80m) or primarily private cloud approach ($4.55m).


  • All content Copyright © 2024 Westwick-Farrow Pty Ltd