Ci spiace, ma questo articolo è disponibile soltanto in Inglese e Ucraino.
The IBM Cost of a Data Breach Report is an annual report that provides organizations with information about the financial impacts of breaches. With this data, they can make data-driven decisions about how they implement security in their organization.
The report is conducted by the Ponemon Institute and sponsored, analyzed, and published by IBM Security. In 2023, the 18th year the report was published, the report analyzed 553 breaches across 16 countries and 17 industries.
Key Finding #1: The average cost of a data breach reached a record high in 2023.
The average cost of data breaches has been rising almost steadily since 2017. In 2017, the average cost was “merely” $3.62M. In 2023, it reached an all-time high of $4.45M in 2023. In the past three years, average breach costs increased by 15%.
Drilling down into industry specifics reveals that the costliest breaches occur in healthcare ($10.93M), financial ($5.9M), pharmaceuticals ($4.82M), energy ($4.78M), and industrial ($4.73M).
The average cost of healthcare attacks is nearly double that of the subsequent industry. This is probably because the healthcare attack surface is enormous – healthcare organizations are highly focused on operational outcomes and – prioritize them over security.
Attacking healthcare organizations can also be a means to an end. An attacker might steal a victim’s healthcare information and use it for identity fraud, to attack a bank or an insurance company, or for other causes.
From a geographical perspective, the costliest breaches occurred in the US ($9.48M), the Middle East ($8.07M) and Canada ($5.13M). In most cases, threat actors pursue wealthy regions, which is why most target countries have high GDPs.
IBM Security also cross-referenced the average cost and the frequency of breaches (by the initial attack vector). A few interesting insights include:
- Phishing is the most common way for threat actors to breach organizations, and they are also the second most costly breach for organizations ($4.76M).
- Stolen or compromised credentials are also commonly used and are fairly costly ($4.62M).
- Malicious insiders are a fairly less common attack vector. However, they are the costliest breach ($4.9M).
Yet, when organizations were asked if they would increase their security investment following a breach, only 51% replied that they would.
Out of the 51% who said they would increase their security spending, 50% would invest in incident response planning and testing, 46% in employee training, and 38% in threat detection and response technologies.
Key Finding #2: Using a DevSecOps approach, deploying incident response teams, and using security and AI automation produced large savings
IBM Security found that the use of security AI and automation directly impacts the average cost of a data breach. Organizations that extensively invested in and deployed AI and automation in their environment and organizations saved an average of $1.76M per breach compared to organizations that did not use AI and automation at all. They also saved 108 days in breach response time.
Organizations using high levels of a DevSecOps approach or incident response planning and testing saved millions of dollars compared to those that used low levels or none at all:
- $1.68M saved for organizations that used a DevSecOps approach
- $1.5M saved for an organization with an incident response team and regular testing
- $1.5M saved for organization with employee training
Key Finding #3: Costs were highest and breaches took longer to contain when breached data was stored across multiple environments.
39% of the breached data was stored across multiple types of environments: public, private, hybrid clouds, or even on-premises. The breach costs were also higher for this data by $750,000.
In addition, the time to contain the breach was also the highest for this data, reaching 291 days. This is 15 days longer than the overall average.
This is not to say the cloud is more insecure. But it is more complicated, and it is new. This is why DevSecOps and building security into the earliest phases of architecture development are important.
Key Finding #4: Detecting the breach with internal security teams and involving law enforcement led to savings
Organizations that identified the breach on their own were able to contain it faster than if a benign third party or the attacker identifies the breach – 241 days vs. 273 by a third party and 320 by the attacker.
The average costs were also lower, $4.3M when the organization identified the breach vs. $4.68M by a benign third party and $5.23M by an attacker. There is a very tight correlation between the amount of time it takes and the amount of money it will cost the organization.
When law enforcement authorities were involved in identification and mitigation, the average cost and the time to identify and contain the breach were significantly reduced. The cost was $4.64M when they were involved vs. $5.11M when they weren’t. In addition, the breach was contained in 276 days, rather than 306.
There is another reason organizations should involve law enforcement when they are attacked. The FBI and other law enforcement organizations around the world are also empowered to take action against these threat actors, which individual companies and individual citizens are not.
RECOMMENDATIONS
What are the next steps all organizations should take based on the results of this report?
Build security into every stage of software and hardware development and test regularly:
- Employ a DevSecOps approach
- Adopt secure by design and secure by default principles during the initial design phase
- Apply the same principles to cloud environments
- Conduct application testing or penetration testing
Protect data across hybrid cloud environments:
- Gain visibility and control over data in hybrid cloud environments
- Protect data as it moves between databases, applications, and services
- Utilize data activity monitoring solutions
Use security AI and automation to increase speed and accuracy:
- Embed AI and automation throughout security tool sets to enhance threat detection, response, and investigation.
- Use mature AI technologies
- Integrate core security technologies for seamless workflows and shared insights, using threat intelligence reports for pattern recognition and threat visibility.
Strengthen resiliency by knowing your attack surface and practicing incident response:
- Understand your industry and organization’s exposure to relevant attacks
- Establish a team well-versed in IR protocols and tools
- Develop IR plans and conduct regular testing.
Source: IBM
