As the fallout from the Blackbaud data breach continues, with the Labour Party the latest to reveal it has been hit, a new study could prove nightmare reading for some with the average cost for each incident coming in at a whopping $3.86m (£2.94m), however, help is at hand from the rise of the machines.
The IBM Security report, based on an analysis of over 500 worldwide organisations which have experienced a data breach, shows that data breaches which compromise employee accounts are the most expensive.
Some 80% of those surveyed reported having exposed customers’ personally identifiable information (PII) as a result of a breach, and out of all types of data exposed in these breaches, customer PII was also the costliest to businesses.
One of the key findings of the report was the effectiveness of automation. Companies that had used artificial intelligence, analytics and automated orchestration to respond to security events experienced less than half the costs compared to those who did not have these tools deployed – $2.45m (£1.86m) compared to $6.03m (£4.59m) on average.
Security response times were also reported to be significantly shorter for firms with fully deployed security automation, as much as 27% faster than their counterparts at responding to breaches.
The most common cause of a malicious breach was stolen or compromised credentials and – like Blackbaud – cloud attacks, accounting for 40% of all incidents. Attackers use cloud misconfigurations to breach networks almost 20% of the time.
In addition, the report found that attackers used previously exposed emails and passwords in 20% of all case, prompting IBM to urge companies to re-examine their authentication protocols and consider a zero-trust approach.
While state-sponsored attacks represent just 13% of all malicious breaches, they were the most damaging. These types of attacks tend to target high-value data and therefore result in a more extensive compromise of victim environments, with costs of breaches averaging around $4.43m (£3.37m).
IBM X-Force Threat Intelligence vice president Wendi Whitmore said: “When it comes to businesses’ ability to mitigate the impact of a data breach, we’re beginning to see a clear advantage held by companies that have invested in automated technologies.
“At a time when businesses are expanding their digital footprint at an accelerated pace and security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data.
“Security automation can help resolve this burden, not only enabling a faster breach response but a significantly more cost-efficient one as well.”
National Trust among 125 hit by Blackbaud hack in UK
Crisis donors hit as fears grow over Blackbaud breach
Clients demand answers as cloud giant admits breach
UK universities are bottom of the class on data security
EasyJet rocked as data breach hits 9 million customers
Robert Dyas online store raided in card skimming hack
Hotel hell: Fresh Marriott data breach hits 5.2 million
Oops we did it again: Virgin Media gaffe hits 900,000
Maasdam busters: Netherlands is EU cybercrime capital
Hack attack fears push UK cyber security to over £8bn