How a Data Breach Cost Hit $4.2 Mn during Pandemic

Did you know that the average cost of a data security breach for any organization is $3.86 million? This is the prediction done by IBM. And it has now been replaced by a shocking new figure in the era of the COVID19 pandemic.

Remote work during COVID-19 increased data breach costs in the United States by $137,000 — IBM

Last year, companies were forced to quickly adjust their technical methods. Many companies encouraged employees to work from home. And thus, during the pandemic, 60% of organizations switched even more to cloud-based activities. A study on these suggests that security may have fallen behind these rapid IT changes, hampering organizations’ ability to respond to data breaches.

“Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic,” said Chris McCurdy, vice president, and general manager, IBM Security.

To clearly state the evidence of all that has happened, in its July 2021 annual report, IBM presented analytics research on the ‘Cost of Data Breach’ along with the Ponemon Institute. This report shows the analysis of data breaches suffered by over 500 companies during the period of May 2020 till March 2021.

The investigation showcases the cost of an ongoing pandemic data breach and the team’s significant efforts on its containment. Remote work operations in the epidemic have increased the attack surface, leading to more expensive data breaches. Experts observed an average increase of over $1 million in breach costs when remote work appeared to be a factor in the event, compared to the group without this factor ($4.96 versus $3.89 million).

Would you be interested in 4 Reasons why cloud security is important

Major Incidents Involved Compromised PII

Picture credits: Securityaffairs.co

PII stands for Personally Identifiable Information is the information that when used alone or with a combination of other relevant data is capable to identify an individual. An individual’s sensitive PII may include their name, social security number, license numbers, financial and health record information.

As shown above, the study found that the majority of the analyzed incidents compromised on PII. And along with this, there were a number of other factors involved in the cost of a data breach including legal disputes, technical, brand reputation, employee productivity, etc. The average cost per record was $180, and the overall average cost per record was $161, up from $146 in the previous year.

“IBM (NYSE: IBM) Security announced the results of a global study which found that data breaches now cost surveyed companies $4.24 million per incident on average — the highest cost in the 17-year history of the report. Based on in-depth analysis of real-world data breaches experienced by over 500 organizations, the study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 10% compared to the prior year,” states IBM Security.

Compromised Credentials — Biggest Growing Risk

The biggest need across all platforms at all times is to keep credentials unique and mutually exclusive for each. This helps prevent any data breach to propagate further. However, ironically it was observed that out of the individuals surveyed, 82% of them were found to have been using the same credentials across all accounts. Compromised credentials are a growing risk for businesses when it comes to being a cause of data breaches.

Mature Security Posture = Low Data Breach Costs

One of the crucial findings of the IBM conducted data breach report stated that costs were discovered to be much lower for some organizations with more mature security posture and much higher for organizations that lag behind in areas such as security AI and automation, zero trust, and cloud security.

Moreover, investments in incident response equipment and teams have also reduced the cost of data breaches for research subjects. The average cost of non-compliance for companies that have an incident response team and test their incident response plan was found to be $ 3.25 million, while those that have not implemented it incurred an average cost of $ 5.71 million (a difference of 54.9%).

Factspan is a pure play analytics company. We partner with you to build an analytics center of excellence, uncovering insights and solutions from your data.