Penetration Test | Jan Kahmen | 9 min read

Data Protection - This is What the IBM Study Revealed



Data protection is becoming increasingly important. That is why IBM Security has been publishing the Cost of a Data Breach Report for many years. It is a compilation and evaluation of data breach incidents. The study is based on 500 incidents in 17 countries. The goal of the IBM study: to make you aware of the dangers and to provide you with a comprehensible trend of the expected costs.

The IBM Study Looks at the Costs of Data Breaches

It's common knowledge that data breaches cost companies a lot of money. IBM's study shows you what those costs are on average. In 2015, the Cost of Data Breach Study revealed devastating effects. However, spending seems to be falling slightly worldwide for the time being. The reason for this, however, is not that fewer cyberattacks are taking place. Rather, more and more companies are arming themselves against them. After all, a data breach not only means high costs, but also a possible loss of image.
The important thing about the IBM report is that it is not a theoretical extrapolation of potential expenses. Instead, IBM Security shows you what expenses you should actually expect should the same thing happen to your company. This makes it clear how important data protection is today.

Data Protection and its Breach - Here's How the IBM Study Went Down

Regular training and a recurring pentest will help you uncover and close security gaps. The Data Breach Report shows why a Security Operations Center is increasingly important, and what more AI in cyber security can do in this context, because the high costs can have a devastating impact on your business.
IBM's Data Breach Report focuses on 17 industries from 17 countries. It covers 524 organizations worldwide. In total, IBM security experts surveyed 3,200 people. The group of people surveyed had themselves experienced a data breach in the company. As a result, those affected were forced to take extensive measures afterwards. The Data Breach Report thus concentrates on incidents of an immense magnitude: the areas examined were those in which the number of compromised data records was between 3,400 and 99,730.

The IBM report considers the following aspects:

  • How much does a data breach cost you on average?
  • In which countries can you expect high costs from such an incident?
  • Which industries are considered particularly risky in this area?
  • How long does it take on average before such incidents are detected and remedied?

Although the Data Breach Study focuses on the costs incurred in the event of a data breach, it also shows that these costs are significantly lower if you implement modern security processes in your company. These include, for example, regular training of your employees to make them aware of cyber dangers. Recurring static code analysis is also part of such protective measures.

Costs from data breaches have increased significantly since 2015

The 2015 Cost of Data Breach Study presents clear numbers: The total cost of a data breach, as well as the cost of each compromised data set, is again rising immensely. Meanwhile, the financial outlays you have to incur afterwards are at a very high level. In fact, in the 2015 IBM report, they reached their highest level since the report was first published. In the coming years, we can assume that the figures will remain at a comparable level or even increase.

Data Protection: The Four Most Important Findings of the IBM Report

IBM Security offers key insights in its annual reports that show you how important data protection is. These include:

High Cost of Ransomware Incidents

The average cost of ransomware breaches exceeds the expense of normal data breaches. Particularly problematic are those attacks that go undetected for long periods of time and can lead to system outages and customer turnover.

Credentials as a Key Attack Vector

Another finding from the IBM Data Report is that exposed credentials are particularly at risk. They account for 20 percent of data breaches and provide an important basis for phishing and social engineering.

Duration Affects the Amount of Damage

The life cycle of a security breach usually spans several months, and this time frame is critical. After all, the earlier you discover the problem, the faster you can respond. In addition, early detection ensures that the damage is limited, including financial losses.

Automation Reduces Costs

According to IBM Security, the best way to reduce the cost of cyber security incidents is through security automation. Of course, implementation is an investment, but once the emergency occurs, it pays off. The average cost in such cases is only half of what it is with manual and inadequate IT security.

These four cost factors exist when remediating the data breach

When it comes to remediating the data breach, a total of four cost factors play a key role.

  • Detection and escalation: These costs relate to investigation activities, testing services and crisis management.
  • Lost Business: There is a loss of revenue due to the compromise that results from the system outage.
  • Notification: Communicating with regulators and identifying regulatory requirements involves a lot of effort. In addition, you will need to engage external consultants to remediate the breach.
  • Follow-up: After the breach, you need to keep a closer eye on accounts and communications. You should also accommodate your customers to compensate for the inconvenience. Depending on the extent of the damage, this can result in very high costs.

Causes of Data Privacy Breaches

The most common causes of a data protection breach are system malfunctions, human error and malicious attacks. However, you can counteract human error in particular with the appropriate training and other assistance. Two particularly important factors are the assignment of secure passwords and the responsible use of software, e-mail and the Internet in general.

Time is the Most Important Cost Factor in Data Privacy Breaches

The most important factor in data protection is time. This is also confirmed by the IBM Security study. The faster you can uncover such an incident, the lower the expenses will be. Nevertheless, it is usually almost impossible to detect the data breach on the first day. On average, it takes 207 days before the breach is detected and 73 days to contain it. In the case of targeted attacks from outside, however, this period can be significantly longer. The damage to your company is correspondingly high.

IBM study on data protection: Most companies see the GDPR as an opportunity here

The IBM Data Report shows: For many companies, the GDPR is an aspect they do not want to do without. This is because it represents an important basis for getting rid of large amounts of data. Many organizations initially find it difficult to break away from this legacy. But this approach is proving increasingly successful.

Data Protection: These are the Challenges and Opportunities for Companies

You already know that a data breach becomes a problem. The IBM study also shows that there are still numerous challenges for companies. The biggest of these is dealing properly with personal data. This includes the accuracy of the data collected and stored as well as the data processing principles used. In this context, cross-border data transfer also remains a problem. Many companies are not yet sufficiently prepared for this.
Nevertheless, the new GDPR presents not only obstacles, but also opportunities: By constantly raising awareness, you are constantly being asked to improve your incident response plans. You need to define a comprehensive plan in case of an emergency. This reduces the fear of cyberattacks and helps you respond properly.

Conclusion - Here's What to Learn About Data Protection from the IBM Study

IBM Security's study shows you how important data protection is. Data breaches and cybersecurity incidents are on the rise and are increasingly costly. One important point to take away from the IBM Data Report: With the right IT security precautions in place, costs are significantly lower in the event of an emergency. On average, they are 3.58 million U.S. dollars lower than if you use no or outdated security technologies.
Investing in a security operations center is therefore more important today than ever before. Many of these solutions don't rely on you to intervene directly. Rather, you benefit from regular risk assessment and compliance with regulatory requirements. Recurring static code analysis and pentests complement the security of your IT infrastructure. Both help you identify potential threats at an early stage.
