IBM Security just published its 2020 Cost of Data Breach Report, which shows a 1.5% decrease in the global average cost of a data breach, from $3.92 million per breach in 2019 to $3.89 million.
Data breach costs varied significantly across regions and industry sectors. Businesses in America faced the highest data breach costs, with the average breach costing $8.64 million, up 5.5% from 2019.
COVID-19 Expected to Raise Data Breach Costs
This is the 15th year IBM Security has conducted the research. The Ponemon Institute carried out the study, which included data from 524 breached organizations and interviews with 3,200 individuals from 17 countries and regions and 17 industries. Research for the study was conducted between August 2019 and April 2020.
The study was largely conducted before the COVID-19 outbreak, which may affect data breach costs. To explore how COVID-19 will affect data breach costs, the Ponemon Institute re-contacted study participants to ask for their views. 76% of participants believed the rise in remote working would increase the time it takes to identify and contain a data breach, and 70% said remote working could raise data breach costs. The average increase in data breach cost as a result of COVID-19 was determined to be $137,000.
Healthcare Data Breaches are the Most Expensive
Healthcare data breaches were the most expensive to deal with. The average cost of a healthcare data breach is $7.13 million globally and $8.6 million in the U.S.A. The overall cost of a data breach may have fallen across all regions and industries, but healthcare data breach costs have risen by 10.5% year-over-year.
The global average cost per breached record is $146, rising to $150 per record when PII was breached and to $175 per record when PII was breached in a malicious attack.
The average time to identify and contain a breach is 280 days; however, it takes 315 days to identify and resolve a malicious attack, with each figure up by 1 day from 2019. In the U.S.A., the average time to identify a data breach is 186 days, but 51 days to resolve the malicious attack. The healthcare sector took the longest: 236 days to identify data breaches and 93 days to contain them, for 329 days in total.
The costs of a data breach are spread over several years, with 61% of costs incurred in the first year, 24% in the second year, and 15% in the third year and beyond. In heavily regulated industries such as healthcare, the figures were 44% (in the first year), 32% (in the second year), and 21% (in the third year).
For the third year, IBM Security calculated the costs of very large data breaches, those affecting over 1 million records. A data breach affecting 1 million to 10 million records costs $50 million on average, a breach affecting 10 million to 20 million records costs $176 million on average, and a breach affecting 50 million records costs $392 million.
Most Common Causes of Malicious Data Breaches
19% of breaches were the result of malicious attacks and were mostly caused by cloud misconfigurations and compromised credentials
16% of breaches were due to vulnerabilities in a third-party application
14% of cases were the result of phishing
10% were due to compromises of physical security
7% were the result of malicious insiders
6% were attributable to system errors and other misconfigurations
5% were caused by business email compromise attacks
Breaches involving compromised credentials were the most expensive. Breaches caused by vulnerabilities in a third-party application and cloud misconfigurations were the second most costly.
Of all the attacks, 53% were financially motivated, 13% were attributed to nation-state hacking groups, and 13% were the work of hacktivists. The attackers behind 21% of the breaches were unknown. Financially motivated attacks were the least costly, with a global average cost of $4.23 million, and the most costly were attacks by nation-state hackers, which cost $4.43 million on average. The average cost of a malicious attack was $4.27 million. Destructive data breaches involving ransomware cost $4.4 million on average, and destructive malware, which includes wipers, costs $4.52 million on average.
50% of data breaches in the healthcare industry were the result of malicious attacks, 23% were caused by system glitches, and 27% were the result of human error.