Augmenting or replacing human intervention cut per-breach losses by $3.58m

Organizations can dramatically reduce losses arising from data breaches by comprehensively automating their response and containment capabilities, a new IBM report has concluded.

Published today, the Cost of a Data Breach Report 2020 found that organizations deploying artificial intelligence and security orchestration, automation, and response (SOAR) tools reduced the cost of breaches by an average of $3.58 million.

“Our study appears to show a growing divide in data breach costs between organizations with more advanced security processes, like automation and formal incident response teams, and those with less advanced security postures in these areas,” said IBM.

A growing number of organizations appear to be heeding such warnings, with 21% having deployed SOAR tools, up from 15% in IBM’s 2019 report.

Malicious versus self-inflicted breaches

Stolen or compromised employee credentials were jointly the most common cause of breaches, accounting for 19% of incidents, and also the most expensive, with losses that were on average $1 million higher than for other breach types.

Many breaches are self-inflicted, with misconfigured cloud storage also accounting for 19% of incidents.

Overall, malicious attacks accounted for 52% of data breaches, human error for 23%, and system glitches for 25%.

Nation-state actors and ‘hacktivists’ accounted for 13% of breaches apiece, with the former causing the most financial damage at an average of $4.43 million per incident.

Financially motivated cybercriminals were behind 53% of successful attacks, with threat actors’ identities unknown in 21% of cases.

The average total cost of a data breach has risen 10% since 2014, although it dipped slightly year-on-year from $3.92 million to $3.86 million.

On average, reputational damage and business downtime accounted for 40% of total losses.

“It is often the case that the damage to the organization’s reputation and branding dwarfs the fine imposed,” Dr Francis Gaffney, director of threat intelligence at cybersecurity specialist Mimecast, told The Daily Swig.

“More widely, data from individual breaches is capable of being aggregated with information from other, unrelated breaches, to perform credential stuffing attacks against an individual’s online accounts.”

The volume of data exposed or compromised had a significant bearing on costs, with breaches of 1-10 million records resulting in average losses 25 times higher than those resulting from the compromise of fewer than 100,000 records.

The average breach takes 280 days to identify and contain, IBM also found.

Coronavirus disruption

The reporting period – August 2019-April 2020 – only slightly overlapped with the global Covid-19 pandemic. IBM found that a majority of organizations (76%) predicted that the resulting shift to remote working would hinder breach response and containment, and 70% expected it to lead to higher data breach costs.

Dr Gaffney thinks breaches have potentially become more likely too, with recent Mimecast research showing that 63% of home workers are “using their personal devices to access the corporate network” and 49% are “opening attachments from unknown sources.”

US organizations suffered the highest costs, at an average of $8.64 million per incident, with their Scandinavian counterparts experiencing the biggest year-over-year increase at 13%.

The healthcare sector saw the highest average breach costs at $7.13 million – more than 10% up on last year’s report – with public sector organizations reporting the lowest of the 17 sectors studied, at $1.1 million.

Dr Gaffney believes the healthcare sector has become an even more “attractive target for nefarious actors [who are] intent on causing chaos and disruption” during the pandemic, “by exploiting a time of confusion and uncertainty”.

“Cybercriminals know that denying the services of the healthcare sector at this time would have massive ramifications,” he added.

IBM’s study, which was conducted by the Ponemon Institute, is based on interviews with more than 3,200 security professionals at 524 organizations in 17 countries and industries that experienced data breaches.