In a world where vendor marketing is all-pervasive, trustworthy industry data can be a godsend for the time-poor IT buyer. Now in its 18th year, the IBM Cost of a Data Breach Report offers a useful snapshot of industry trends to put the claims of some tech players into perspective. The bad news is that this year’s report puts data breach costs at an all-time high. But on a more positive note, it also claims that use of strong encryption could shave off almost a quarter-of-a-million dollars from mean breach costs.
A record high
In 2023, the global average cost of a data breach stands at $4.45m, a 2% increase on the previous year and up over 15% since 2020. It’s even higher in industries like healthcare ($10.93m), where costs increased 8% year on year, and which continues to be the most expensive of any sector. The US is by far the most expensive place to have a data breach ($9.48m) followed by the Middle East ($8.07m).
Of all record types, customer and employee personally identifiable information (PII) was the most expensive when compromised. Customer PII, which includes names and Social Security numbers, cost organizations $183 per record, with employee PII at $181. The bad news is that customer PII is also the most frequently breached, being present in over half (52%) of all incidents, versus 40% for employee PII. Compromised IP, and other corporate data such as financial information, surged from 15% to 21% of compromised data in 2023.
It's not hard to see the potential legal/compliance, reputational and financial risks associated with such losses.
Cost and complexity
The big question is: how can organizations get better at minimizing these breaches, and therefore the costs they incur?
Cyber-defenses like intrusion prevention at the corporate perimeter are all very well, but they won’t be able to stop attackers using phished or compromised credentials. And they certainly won’t be able to prevent a malicious insider attack. Unfortunately, all three are among the top four most expensive initial attack vectors for breaches, according to IBM. Malicious insider attacks cost $4.9m this year, with phishing-related breaches not far behind ($4.76m). Phishing and stolen or compromised credentials were also the two most common initial attack vectors, accounting for 16% and 15% of breaches respectively.
A second challenge is the distributed nature of the computing environment where data is stored today. IBM warns that “data is being created, shared and accessed at unprecedented scale across multi-cloud environments,” with fast adoption of new apps and services “compounding the risk of ‘shadow data’.”
In fact, the vast majority (82%) of data breaches in the report feature data stored in the cloud, with two-fifths (39%) of breaches including data that spans “multiple types of environments.”
Start by protecting the data
Fortunately, data-centric security of the sort offered by comforte is rapidly gaining traction as a best-practice method of mitigating breach costs and risk. IBM claims strong encryption can cut $221,593 off the average breach cost. It adds:
“Gaining visibility and control of data spread across hybrid cloud should be a top priority for organizations of all types and should include a focus on strong encryption, data security and data access policies. Companies should seek data security and compliance technologies that work on all platforms, allowing them to protect data as it moves across databases, applications and services deployed across hybrid cloud environments.”
This is what comforte was made for. Our Data Security Platform is designed to automatically and continuously discover data wherever it exists in the enterprise, including across multiple hybrid clouds, and then apply strong protection throughout its lifecycle. That means even if data is obtained by hackers, they will not be able to monetize it and the cost to the organization will be much reduced.