When it comes to mitigating the negative impacts of a data breach, time is of the essence. A recent study by the Ponemon Institute and IBM Security showed a 6.4 percent increase in losses related to data breaches since 2017, but found that such losses have been less significant among companies that contain a breach within 30 days of discovery.
Globally, the average loss related to a data breach is $3.86 million, but companies that identified and remedied a breach in a month or less saved more than $1 million compared with those that did not. U.S. companies saw the highest average data breach cost: $7.91 million.
“While highly publicized data breaches often report losses in the millions, these numbers are highly variable and often focused on a few specific costs which are easily quantified,” IBM X-Force Incident Response and Intelligence Services (IRIS) Global Leader Wendi Whitmore said in a press release. “The truth is there are many hidden expenses which must be taken into account, such as reputational damage, customer turnover, and operational costs. Knowing where the costs lie, and how to reduce them, can help companies invest their resources more strategically and lower the huge financial risks at stake.”
Researchers found the average time to identify a breach to be 197 days and that the average time for breach containment was 69 days.
On average, breaches cost companies $148 per lost or stolen record. The report noted that companies with an incident response team in place saw breach expense savings of $14 per data record compromised.
Companies that used an artificial intelligence platform for cybersecurity saw reduced costs of $8 per record.
“This year, for the first time, the report examined the effect of security automation tools which use artificial intelligence, machine learning, analytics and orchestration to augment or replace human intervention in the identification and containment of a breach,” the release states. “The analysis found that organizations that had extensively deployed automated security technologies saved over $1.5 million on the total cost of a breach ($2.88 million, compared to $4.43 million for those who had not deployed security automation).”
The report indicated that companies employing a “rush to notify” initiative, in which they reported a breach before knowing certain key details about its parameters, saw an increase in average associated cost of about $5 per record. The higher costs can stem from brand liability issues related to the dissemination of misinformation about a breach, according to a 2014 report by Government Technology.
A report of the study’s findings detailed various breach-related expenses that contribute to the high total cost associated with cyberattacks. Those include costs associated with investigations, data recovery, notification systems and lost business.
The study also found that “mega breaches,” in which 1 million or more records are compromised, have nearly doubled in the last five years. Mega breaches cost an average of $40 million, the report states. At 50 million records, estimated costs totaled $350 million. Mega breaches also took longer to detect and contain on average: 365 days, compared with 266 days for smaller-scale breaches.
The National Association of Federally-Insured Credit Unions (NAFCU) recently reiterated its ongoing push for national data security standards in a release following a report by the cybersecurity firm RiskIQ, stating that more than 800 e-commerce sites worldwide have been targeted by a digital credit card skimming campaign. RiskIQ said the hacking group Magecart, which it has tracked since 2015, facilitated the cyberattacks between February 2017 and June 2018. The firm found in the Ticketmaster breach that the group stole payment information through a third-party supplier, Inbenta.