IBM Report Reveals Economic Impact of Data Breaches
IBM published a report today that suggested data breaches are starting to have a material impact on the cost of goods and services.
An IBM analysis of data breaches that occurred in 550 organizations found the average cost of a data breach has now reached an all-time high of $4.35 million for the organizations IBM studied, a 13% increase since the last time IBM published a similar report two years ago.
A total of 60% of respondents reported they have raised prices on their products or services as a direct consequence.
Limor Kessem, executive security advisor for IBM, said organizations can’t absorb the cost of data breaches without passing them along to customers in some form or another. In effect, data breaches are now a digital ‘tax’ that is being added to the cost of goods and services, she added.
In fact, the smaller the company the less financially able they are to absorb the cost of a data breach, Kessem noted. The expectation is that data breaches are now a cost of doing business. Investors in these organizations expect data breach costs will be covered by the revenue that organizations generate without negatively impacting profits, she said.
Overall, the IBM report found that 83% of respondents experienced at least one breach, with 50% of those costs occurring more than a year after the breach was initially discovered.
The IBM report also made it clear that most organizations still have a lot of work to do in terms of improving their security posture. The report found that 80% of the organizations that need to protect critical infrastructure have yet to implement a zero-trust approach to IT. The IBM report found that data breaches within organizations that don’t have a zero-trust strategy cost, on average, $5.4 million compared to $1.17 million for those that have adopted zero-trust.
A total of 43% of the organizations studied have not or are still in the early stages of applying security practices across cloud environments. As a result, they have incurred $660,000 in higher breach costs on average than organizations with mature cloud security practices, according to the report.
The report also found organizations that have fully deployed security AI and automation incurred, on average, $3.05 million less in data breach costs than those that have not.
Finally, the report noted that ransomware victims that caved into demands only saw $610,000 less in average breach costs compared to those that chose not to pay, exclusive of the cost of the ransom itself.
It’s not clear how severely cyberattacks are sapping the global economy, but it’s clear that far too few organizations are doing enough to thwart these attacks. Despite all available evidence to the contrary, many business leaders are likely hoping law enforcement agencies will make the problem go away. However, as most cybersecurity professionals well know, the odds of that happening are slim to none.
