IBM Security and Ponemon Institute have released the 2018 Cost of Data Breach Study: Global Overview. This year's study is based on interviews with more than 2,200 IT, data protection, and compliance professionals from 477 companies that have experienced a data breach over the past 12 months.
According to the findings, data breaches continue to be costlier and result in more consumer records being lost or stolen, year after year.
This year the report found that the average total cost of a data breach, the average cost for each lost or stolen record (per capita cost), and the average size of data breaches have all increased beyond the 2017 report averages:
- The average total cost rose from $3.62 to $3.86 million, an increase of 6.4%
- The average cost for each lost record rose from $141 to $148, an increase of 4.8%
- The average size of the data breaches in this research increased by 2.2%
In addition to presenting trends in the various components of the cost of a data breach, the global study determines the likelihood that an organisation will have one or more data breaches in the next two years. Two factors were used to determine the probability of a future data breach: the size of the data breach reported in this year’s research and where the organisation is located.
- The average global probability of a material breach in the next 24 months is 27.9%, an increase over last year’s 27.7%
- South Africa has the highest probability of experiencing a data breach at 43%
- Germany has the lowest probability of having a future data breach at 14.3%
As in past years, the study reports on the relationship between how quickly an organisation can identify and contain data breach incidents and the financial consequences.
- The mean time to identify (MTTI) was 197 days
- The mean time to contain (MTTC) was 69 days
- Companies that contained a breach in less than 30 days saved over $1 million vs. those that took more than 30 days to resolve
For the first time this year, the report researched the influence of two new cost factors: security automation and the extensive use of Internet of Things (IoT) devices. Also for the first time, it measures the cost of a data breach involving more than 1 million compromised records, which the report refers to as a mega breach.
- The average cost of a breach for organisations that fully deploy security automation is $2.88 million
- Without automation, estimated cost is $4.43 million, a $1.55 million net cost difference
- The extensive use of IoT devices increased cost by $5 per compromised record
- A mega breach of 1 million records yields an average total cost of $40 million
- A mega breach of 50 million records yields an average total cost of $350 million
The bottom line from the IBM, Centrify and many other studies is that we’re in a Zero Trust Security (ZTS) world now, and the sooner a digital business can excel at it, the better protected it will be from security threats. ZTS begins with Next-Gen Access (NGA) by recognising that every employee’s identity is the new security perimeter for any digital business.
The IBM study foreshadows an increasing level of speed, scale, and sophistication when it comes to how breaches are orchestrated. With the average breach globally costing $4.36M and breach costs and lost customer revenue soaring in the US, it’s clear we’re living in a world where Zero Trust should be the new mandate.
Zero Trust Security starts with Next-Gen Access to secure every endpoint and attack surface a digital business relies on for daily operations, and to limit access and privilege to protect the “keys to the kingdom,” which give hackers the most leverage.