Content, Content

IBM: Security Automation Illuminates Divide in Data Breach Costs

Do organizations with fully advanced security processes, such as automation and formal incident response teams, pare their financial and brand losses from data breaches as compared to those that don’t?

A recently released IBM Security study explores that very question.

The short and the long answer is yes, security automation saves money. Data breaches worldwide cost companies nearly $4 million on average per incident, 80 percent of which resulted in exposed personally identifiable information (PII), said IBM in its 2020 Cost of a Data Breach Report, built on input from 3,200 security professionals. Of the various types of data compromised in breaches, customer PII was the costliest, based on data IBM compiled from 524 organizations in 17 countries serving 17 industries that had been victimized by data breaches from August, 2019 to April, 2020.

Flashback: The research began months before the COVID-19 pandemic took root worldwide and after most of the breaches studied had occurred. A companion IBM study released in June on the impact of teleworking on cybersecurity found some cognitive dissonance: For example, 93 percent of those newly working from home are confident in their company's ability to keep PII secure, yet 52 percent are using their personal computers for work often with no new tools to secure it.

Between the lines:
While the cost per event slid a scant 1.5 percent from last year’s $3.92 million to $3.86 million, don’t read too much into the margin, IBM cautioned. On the surface, the figures suggest that breach costs have plateaued. But a deeper look reveals a growing divide in data breach costs between organizations with more advanced security processes and those without those resources and tools.

Top line findings:

  • Companies using artificial intelligence, analytics and automated orchestration lost $2.5 million in breach costs on average compared to the $6 million those without similar tools experienced.
  • Businesses victimized by compromised credentials lost nearly $4.8 million per data breach or $1 million more than the global average.
  • Breaches in which 50 million records or more were compromised, costs upticked to $392 million from $388 million the previous year. Breaches where 40 to 50 million records were exposed cost companies $364 million on average, an increase of $19 million compared to 2019.
  • State-sponsored attacks averaged $4.4 million in data breach costs, more than financially motivated cyber criminals and hacktivists.

“At a time when businesses are expanding their digital footprint at an accelerated pace and security industry’s talent shortage persists, teams can be overwhelmed securing more devices, systems and data,” said Wendi Whitmore, IBM X-Force Threat Intelligence vice president. “Security automation can help resolve this burden, not only enabling a faster breach response but a significantly more cost-efficient one as well.”

Three big takeaways:

  1. Automation saves money. Businesses with fully deployed security automation show a cost-saving difference of $3.6 million in a data breach over companies that have yet to deploy advanced technologies. The cost gap has grown by $2 million since 2018.
  2. Automation enables shorter response times. Artificial intelligence, machine learning, analytics and other forms of security automation enabled companies to respond to breaches nearly 30 percent faster than companies that lack security automation.
  3. Incident response preparation saves money. Companies with both an IR team and make use of tabletop exercises or simulations to test IR plans experience $2 million less in breach costs.

How can companies minimize the financial and brand impact of a data breach?

  • Invest in security orchestration, automation and response to help improve detection and response times.
  • Adopt a zero trust security model to help prevent unauthorized access to sensitive data.
  • Stress test your incident response plan to increase cyber resilience.
  • Use tools that help protect and monitor endpoints and remote employees.
  • Invest in governance, risk management and compliance programs.
  • Minimize the complexity of IT and security environments.
  • Protect sensitive data in cloud environments using policy and technology.
  • Use managed security services to help close the security skills gap.
D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.