
Operational Security

7/12/2018
09:35 AM
Jeffrey Burt

IBM: Hidden Costs Drive Up Financial Hit of Mega Breaches to $350M

For companies that have 50 million records compromised, lost business and reputational damage, along with the employee time spent on recovery work, can push the overall cost to $350 million.

The cost of data breaches to companies continues to rise, with the average cost hitting $3.86 million, according to a study by IBM Security. However, the cost of "mega breaches" -- those in which 1 million to 50 million records are lost -- can reach as high as $350 million, particularly once hidden costs are factored in.

According to the "2018 Cost of a Data Breach Study," those hidden costs -- such as lost business, the negative impact on the company's reputation and the time employees spend helping the business recover from the breach -- can be significant, and they are difficult and expensive to manage. For example, a third of the cost of mega breaches came from lost business, according to the study, which was conducted by the Ponemon Institute for IBM Security.

In May, Kaspersky Lab researchers calculated that clean-up costs for enterprises that had been breached grew almost 25% between 2017 and 2018, to $1.23 million per incident. The IBM report set out to include the ancillary hidden costs that drive up the overall financial hit companies take. (See Kaspersky: Data Breaches Cost Enterprises $1.23M.)

The data was collected through interviews with almost 500 companies that had experienced a data breach and through the analysis of hundreds of cost factors surrounding a breach, including technical investigation and recovery, notifications, lost business and reputation, and legal and regulatory activities.

The study comes at a time when the number of mega breaches, such as the Equifax breach, continues to rise. According to IBM, the number almost doubled over the past five years, from nine in 2013 to 16 in 2017. Previous editions of IBM's study analyzed data from breaches in which 2,500 to 100,000 records were lost. With the rapid growth of mega breaches, the tech giant is now examining the costs involved in those as well. Ten of the 11 mega breaches analyzed were the result of malicious or criminal attacks rather than system or human error, and the largest expense was lost business, which came to almost $118 million for breaches of 50 million records. (See Equifax Agrees to Implement New Security Measures.)

Growing costs
As with smaller breaches, a key cost factor is the time it takes a business to detect and contain the breach. For a mega breach, the average was 365 days, almost 100 days longer than the 266-day average for smaller breaches. On average, companies that contained a breach in fewer than 30 days spent more than $1 million less than those that took longer: $3.09 million versus $4.25 million. (See MyHeritage Data Breach of 92M Accounts Raises Many Questions.)

"The amount of time to detect and contain a breach has a huge impact on the total cost of a breach, which was evident from the study as well as what we experience working with clients," Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services, told Security Now in an email. "One of the big factors that helps reduce that timeline is having a full incident response plan in place, which includes proactive detection capabilities as well as response and remediation actions for a wide variety of stakeholders in the environment."

Security complexity
Responding well to a breach is more complex and challenging than many realize, so the key is having the right people and tools in place, not only the technical and security teams but also people throughout the business, Whitmore wrote. Having an incident response team in place can reduce the cost of a breach by $14 per compromised record, the study found.

The use of artificial intelligence technologies for cybersecurity also plays a significant role in reducing costs. Using an AI platform can cut costs by $8 per record. In addition, companies that had extensively deployed automated security technologies -- including AI, machine learning, analytics and orchestration -- saved more than $1.5 million on the total cost of a breach, averaging $2.88 million versus $4.43 million for those that did not use such technologies.

"Many companies are adopting machine learning, AI and automation technologies in some form or another in the security operation center, particularly those with more mature security processes in place," Whitmore added. "Many of these are larger companies as well as those in highly targeted industries like financial services. While machine learning is already used fairly pervasively, we continue to see companies looking to push further into the automation and AI space as well."


With businesses managing more data and facing more threats, the use of automation technologies can reduce the amount of time security analysts need for such jobs as investigating duplicate alerts and false positives, and can also help in streamlining the overall threat response, she said.

Regionally, businesses in the US sustained the highest average cost per breach, at $7.91 million. The lowest average costs were in Brazil, at $1.24 million, and India, at $1.77 million.

Overall, costs have continued to rise during the 13 years Ponemon has studied the issue. In 2014, the average cost of a data breach was $3.5 million, which means costs have climbed almost 10% in the past five years.

"Cybercriminals are becoming increasingly sophisticated, and targeted attacks as well as mega breaches are growing both in volume and complexity, which increases the overall time and expense it takes to manage a breach," Whitmore wrote. "Our clients realize the growing threat and are investing in measures to become more secure, but many organizations still don't have some of the basic detection capabilities in place that can help limit the impact of these attacks more effectively. Taking an operationally focused yet risk-based approach to security, focusing on protecting the most critical assets, and ensuring that the proper planning is in place across people, tools and technology can help reduce these costs in the long term."

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
