Survey Finds Data Breach Costs Rising

The cost of a data breach is now $3.86 million per breach on average, according to a newly released survey of organizations that suffered a breach over the past year.

Conducted by The Ponemon Institute on behalf of IBM, the survey of 3,200 security professionals finds that personally identifiable information (PII) was exposed in 80% of the incidents studied, and that breaches whose root cause was a compromised employee account were the most expensive.

In incidents in which attackers accessed corporate networks using stolen or compromised credentials, businesses saw data breach costs of $4.77 million, nearly $1 million above the global average. Breaches arising from third-party vulnerabilities were the second costliest root cause for this group, at $4.5 million on average.

Stolen or compromised credentials and cloud misconfigurations were the most common causes of malicious breaches, together accounting for roughly 40% of them, with more than 8.5 billion records exposed in 2019. Attackers reused previously exposed email addresses and passwords in one in five of the breaches studied.

Breaches involving more than 50 million compromised records cost an average of $392 million, while attacks believed to be state-sponsored cost an average of $4.43 million, the survey finds.

On the plus side, organizations that had fully deployed security automation technologies leveraging artificial intelligence (AI), analytics and automated orchestration experienced less than half the data breach costs ($2.45 million) of those without these tools ($6.03 million).

The survey finds about 20% of organizations have fully deployed security automation technologies, with another 40% moving down that path.

With more employees now working from home to help combat the COVID-19 pandemic, Chris Scott, global remediation lead for IBM X-Force Incident Response and Intelligence Services, said it is probable organizations will experience an inordinately higher number of data breaches. At a time when there is already a chronic shortage of cybersecurity expertise, there is no way for organizations to effectively secure an expanded attack surface without relying more on automation baked into their incident response systems, he said.

In fact, Scott noted that cybersecurity strategies based on a castle-and-moat philosophy are all but antiquated in a COVID-19 era, where a perimeter no longer exists.

One of the most important things the study makes clear, he said, is that organizations need to focus more on reducing credential risks by embracing technologies such as two-factor authentication. Cybercriminals are using phishing and other types of attacks to gain credentials that are then used to devastating effect. Adopting DevSecOps best practices to help ensure application security is also critical, Scott added.

Of course, there is no silver bullet when it comes to IT security. However, the more rote functions that are automated, the more time cybersecurity professionals have to close down attack vectors before they are exploited. The challenge is that bad actors around the globe are becoming more adroit at exploiting those vectors with each passing day.

Michael Vizard

Mike Vizard is a seasoned IT journalist with over 25 years of experience. He also contributed to IT Business Edge, Channel Insider, Baseline and a variety of other IT titles. Previously, Vizard was the editorial director for Ziff-Davis Enterprise as well as Editor-in-Chief for CRN and InfoWorld.