Here are seven key takeaways from the IBM cost of data breach report 2020.
1. Remote Work Increases Incident Response Time
This pandemic has forced many businesses to embrace the remote work trend. There are many advantages of remote work and no one can deny that, but there are also downsides which most businesses tend to ignore. The cost of the data breach report 2020 brought these issues to the limelight.
According to the cost of data breach report 2020, the average cost of data breaches is much higher for companies adopting remote work as compared to companies that do not. To make matters worse, remote work also led to an increase in incident response times. 76% of security professionals admitted that they required more time to identify and contain data breaches, according to the report.
2. Customer Data is The Most Compromised Data Type
When it comes to data type, customer personal data is the most targeted and compromised data type. In fact, 80% of data breaches involved personal customer information. The report also confirms that when customers’ personal information is stolen, it tends to cost businesses more. Every stolen record’s average cost is $146, but that cost increases to $150 when customer personal data is stolen. Even though the difference isn’t that big, but when thousands of records are stolen, the cost will escalate.
3. Majority of Data Breaches are Malicious
The cost of the data breach report also sheds light on the underlying causes of data breaches.
According to the cost of data breach report 2020,
- 52% of data breaches were caused by malicious attacks
- 25% of data breaches took place due to system failure
- 23% of data breaches occurred due to human error
- 19% of data breaches succeeded due to cloud misconfiguration
- 19% of companies were hacked due to compromised credentials
When you look at the financial side of all the causes, malicious assaults are the most expensive, followed by system failure and human error. Malicious data breaches cost businesses $4.27 million, while businesses must suffer a loss of $3.38 million due to system failure and $3.33 million due to human error.
4. Lost Business Due to Data Breaches
Businesses have lost $1.55 million worth of business due to the data breaches, which is equal to 40% of the average cost of a data breach. This is only the financial damage and there are other forms of damages that a data breach can do to a business. Reputation damage, customer acquisition and retention are other types of impact a data breach could have on your business.
5. The Bigger They Are, The Higher the Cost
The larger the company size, the more the data breach will cost them. Here is a quick rundown of how the cost of a data breach increases with an increase in company size.
Data Breach Costs According to Company Size
- Companies with less than 500 employees: $2.35 million
- Companies with less than 1000 employees: $2.53 million
- Companies with less than 5000 employees: $3.78 million
- Companies with less than 10000 employees: $4.72 million
6. Average Time to Identify & Contain Data Breach is 9 Months
Yes, you read that right. According to the cost of data breach report 2020, it took businesses 280 days to identify and contain a data breach, which is a shade above nine months.
- 207 days to identify the data breach
- 73 days to contain the data breach
If a business manages to contain a data breach in less than 200 days, it can save more than $10 million compared to data breaches contained after 200 days.
7. Incident Response Plan is The Biggest Lifesaver
Having an incident response plan was one of the biggest cost savers for businesses. Businesses who have dedicated incident response teams and have tried and tested incident response plans saved $200 million more than companies without a dedicated incident response plan and incident response team. Companies that have deployed security automation saved $3.58 million in terms of the total cost of a data breach compared to companies that do not.
Conclusion
The cost of data breach report 2020 is a real eye-opener for businesses. They need to act quickly; otherwise, data breaches can put their business continuity at risk. Organisations need a comprehensive data protection strategy to keep your data safe. It should encompass everything from employee training to process and software updates, security to monitoring. Adopting a holistic approach to data security will help businesses minimise the risk of data breaches.