
Operational Security

7/12/2018
09:35 AM
Jeffrey Burt

IBM: Hidden Costs Drive Up Financial Hit of Mega Breaches to $350M

For companies that have 50 million records compromised, lost business and reputation, as well as the employee time spent in recovery work, can put the overall cost at $350 million.

The cost of data breaches to companies continues to go up, with the average hitting $3.86 million, according to a study by IBM Security. However, the cost of "mega breaches" -- where 1 million to 50 million records are lost -- can reach as high as $350 million, particularly when hidden costs are factored in.

According to the "2018 Cost of a Data Breach Study," those hidden costs -- such as lost business, the negative impact on the company's reputation and the amount of time employees spend helping the business recover from the breach -- can be significant, and both difficult and expensive to manage. For example, a third of the cost of mega breaches came from lost business, according to the study, which was conducted by the Ponemon Institute for IBM Security.

In May, Kaspersky Lab researchers calculated that clean-up costs for enterprises that had been breached grew almost 25% between 2017 and 2018, to $1.23 million per incident. The IBM report looked to include the ancillary hidden costs that drive up the overall financial hit companies take. (See Kaspersky: Data Breaches Cost Enterprises $1.23M.)

(Source: Pixabay)

The data was collected through interviews with almost 500 companies that had experienced a data breach and through the analysis of hundreds of cost factors surrounding a breach, including technical investigations and recovery, notifications, lost business and reputation and legal and regulatory activities.

The study comes at a time when the number of mega breaches, such as the Equifax breach, continues to rise. According to IBM, over the past five years the number almost doubled, from nine in 2013 to 16 in 2017. IBM's study in the past analyzed data from breaches where 2,500 to 100,000 records were lost. With the rapid growth of mega breaches, the tech giant is now also examining the costs involved with those. Ten out of 11 mega breaches that were analyzed were the result of malicious and criminal attacks rather than system or human error, with the largest expense linked to lost business, which was almost $118 million for breaches of 50 million records. (See Equifax Agrees to Implement New Security Measures.)

Growing costs
However, as with smaller breaches, a key factor is the amount of time it normally takes a business to detect and contain the breach. For a mega breach, the average time was 365 days, almost 100 days longer than the average of 266 days for breaches of smaller scale. On average, companies that contained a breach in fewer than 30 days saved more than $1 million in costs compared with those that took longer, at $3.09 million vs. $4.25 million. (See MyHeritage Data Breach of 92M Accounts Raises Many Questions.)

"The amount of time to detect and contain a breach has a huge impact on the total cost of a breach, which was evident from the study as well as what we experience working with clients," Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services, told Security Now in an email. "One of the big factors that helps reduce that timeline is having a full incident response plan in place, which includes proactive detection capabilities as well as response and remediation actions for a wide variety of stakeholders in the environment."

Security complexity
Responding well to a breach is more complex and challenging than many realize, so the key is having the right people and tools in place, and not only the technical and security teams but other people throughout the business, Whitmore wrote. Having an incident response team in place can reduce the cost of a breach by $14 per compromised record, the study found.

The use of artificial intelligence technologies for cybersecurity also plays a significant role in reducing costs. The use of an AI platform can cut costs by $8 per record. In addition, those companies that have extensively deployed automated security technologies -- including AI, machine learning, analytics and orchestration -- saved more than $1.5 million on the total cost of a breach, with an average of $2.88 million versus $4.43 million for those who didn’t use such technologies.

"Many companies are adopting machine learning, AI and automation technologies in some form or another in the security operation center, particularly those with more mature security processes in place," Whitmore added. "Many of these are larger companies as well as those in highly targeted industries like financial services. While machine learning is already used fairly pervasively, we continue to see companies looking to push further into the automation and AI space as well."


With businesses managing more data and facing more threats, the use of automation technologies can reduce the amount of time security analysts need for such jobs as investigating duplicate alerts and false positives, and can also help in streamlining the overall threat response, she said.

Regionally, businesses in the US sustained the highest average cost per breach, at $7.91 million. The lowest average costs were in Brazil, at $1.24 million, and India, at $1.77 million.

Overall, costs have continued to rise during the 13 years Ponemon has looked at the issue. In 2014, the average cost of a data breach was $3.5 million, which means costs have jumped almost 10% in the past five years.

"Cybercriminals are becoming increasingly sophisticated, and targeted attacks as well as mega breaches are growing both in volume and complexity, which increases the overall time and expense it takes to manage a breach," Whitmore wrote. "Our clients realize the growing threat and are investing in measures to become more secure, but many organizations still don't have some of the basic detection capabilities in place that can help limit the impact of these attacks more effectively. Taking an operationally focused yet risk-based approach to security, focusing on protecting the most critical assets, and ensuring that the proper planning is in place across people, tools and technology can help reduce these costs in the long term."

— Jeffrey Burt is a long-time tech journalist whose work has appeared in such publications as eWEEK, The Next Platform and Channelnomics.
