Data breaches are on the rise. In the US, last year broke new records in terms of breach volumes. The bad news is that costs are also increasing. The latest IBM study reveals that they surged 10% annually to reach nearly $4.9m on average in 2024. Although there are several mooted causes of this rise, one of the most critical appears to be the growing challenge of shadow data.
Discovering, classifying and protecting this data should be a priority for IT and security teams. The good news is that doing so could significantly reduce breach costs.
Shadow data risks loom large
Based on analysis of 604 organizations impacted by data breaches, and interviews with thousands of execs, IBM’s report digs deep into the causes of and mitigations for surging breach costs. It reveals multiple causes of the increase in breach costs, including:
- A rise in the cost of lost business – such as operational downtime and lost customers
- An increase in the cost of post-breach response, such as staffing customer service help desks and paying higher regulatory fines
- IT system complexity
- Security skills shortages
- Supply chain risks
However, the shadow data risk looms large. In fact, over a third (35%) of breaches analyzed over the report period involved data outside of the control of the IT/security department. Worse, the average cost of related breaches was $5.3m, over 16% higher than the average. Breaches involving shadow data also took 26% longer on average to identify and 20% longer to contain. The longer it takes IT teams to discover and contain and incident, the more expensive and potentially damaging it will be, the report argues.
Shining a light
Shadow data can stem from a variety of sources. It could be sitting in a legacy application, or an unsanctioned shadow IT app. It may have been copied from a production to a developer environment, to be used as test data, and never deleted. It might even have been left behind after lift-and-shift cloud migration projects. In fact, the complexity of modern IT environments increases the chances of shadow data.
This is why organizations must turn to AI-powered data discovery and classification tools which can automatically and continuously find and label data, no matter where it is. In fact, IBM reveals that 25% of breaches involving shadow data were on-premises—highlighting the need for discovery to work across not just multi-cloud but also traditional data stores.
Once the organization knows where all of its data is, at any time, it needs to ensure that data is suitably protected. According to IBM, encryption could save $243,914 on the average breach cost, while data security and protection software can shave off as much as $166,600.
The report adds:
“Security teams must now assume their organizations have unmanaged data sources. Unencrypted data, including data in AI workloads, further exacerbates the risk. Data encryption strategies must consider the types of data, its use and where it resides to lower risk in case of a breach.”
Fortunately, the comforte Data Security Platform combines data discovery and classification with data protection to ensure any unmanaged and/or unknown data is suitably protected. It’s not a silver bullet for reducing breach costs. But data-centric security will go a long way to mitigating the impact of a potentially serious incident, by ensuring that even in a worst-case scenario, any stolen information will be rendered unusable.
In this way, growth-oriented enterprises plan for the worst, in order to build their business on solid foundations. It’s time to get started.
