If you work in cybersecurity, follow breaches in the news, or are involved in managing your company’s finances, you’ve likely been (patiently) waiting for IBM’s latest Cost of a Data Breach report.
The 2021 report was released on July 28 and we’ve summarized the key findings for you here.
Note: In this case, we’re just here to deliver the cold, hard facts, not offer commentary. We have, however, offered additional resources for you to check out if you’re interested in exploring a specific threat type, industry, or solution further.
The overall cost of a breach
- Data breach costs rose from $3.86 million to $4.24 million, the highest average total cost in the history of this report
- There was a 10% increase in the average total cost of a breach between 2020 and 2021. This was the largest single-year cost increase in the last seven years.
- The average cost of a breach at organizations with 81-100% of employees working remotely was $5.54 million
- Lost business represented 38% of the overall average total breach costs and increased slightly from $1.52 million in the 2020 study.
- Lost business costs include increased customer turnover, lost revenue due to system downtime, and the increasing cost of acquiring new business due to diminished reputation
Remote working and the cost of a breach
- Where remote work was a factor in causing the breach, the cost difference was $1.07 million
- Remote work was a factor in breaches at 17.5% of companies
- Organizations that had more than 50% of their workforce working remotely took 58 days longer to identify and contain breaches than those with 50% or less working remotely
The cost of a breach by industry
- Healthcare has had the highest industry cost of a breach for 11 consecutive years
- Healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, a 29.5% increase. Learn how Tessian helps organizations in healthcare prevent breaches.
- Costs in the energy sector decreased from $6.39 million in 2020 to an average $4.65 million in 2021
- Costs surged in the public sector, which saw a 78.7% increase in average total cost from $1.08 million to $1.93 million
The cost of a breach by threat type
- Business email compromise (BEC) was responsible for only 4% of breaches, but had the highest average total cost of the 10 initial attack vectors in the study, at $5.01 million
- The second costliest was phishing ($4.65 million), followed by malicious insiders ($4.61 million), social engineering ($4.47 million), and compromised credentials ($4.37 million)
- Compromised credentials was the most common initial attack vector, responsible for 20% of breaches.
- Ransomware attacks cost an average of $4.62 million, more expensive than the average data breach ($4.24 million). These costs included escalation, notification, lost business, and response costs… but did not include the cost of the ransom.
How can cybersecurity solutions help?
- Security AI and automation had the biggest positive cost impact. Organizations with fully deployed security AI and automation experienced breach costs of $2.90 million, compared to $6.71 million at organizations without security AI and automation.
- Security AI/automation was associated with a faster time to identify and contain the breach