Cybersecurity

Average Cost of a Data Breach is $2.62 million – IBM Ponemon

The average cost of a data breach in the APAC region is $2.62 million, according to the IBM Ponemon “Cost of a Data Breach” report which was released on July 30, 2019.

In Japan and Korea, the average cost of a data breach is much higher, at $3.75 million and $3.30 million. It is somewhat lower in Australia, at $2.13 million, but much higher in the Middle East at $5.97 million. The highest cost in the world is in the US, at $8.19 million.

“Cybercrime represents big money for cybercriminals, and unfortunately that equates to significant losses for businesses,” said Wendi Whitmore, Global Lead for IBM X-Force Incident Response and Intelligence Services. “With organisations facing the loss or theft of over 11.7 billion records in the past 3 years alone, companies need to be aware of the full financial impact that a data breach can have on their bottom line –and focus on how they can reduce these costs.”

In the areas that a data breach hits hardest, the APAC region was among the worst sufferers in damages in the past year, according to the report. These areas are abnormal customer turnover (greater-than-expected loss of customers since the breach occurred), average size of a data breach (number of records lost or stolen), average total cost of a data breach and per record cost. Abnormal customer turnover after a breach was up 10 per cent in the region, and per-record cost also rose 10 per cent.

APAC region sees 22,500 records breached in an average attack

The APAC region saw an increase of 4.89 per cent year-on-year at a regional level, up from $2.53 million in 2018. In the region, 22,500 records are breached in an average attack – at a cost of $176 per lost record – with the time to identify and contain a breach standing at 190 days and containing the attack at 69 days. The industry with the highest average for cost per record is financial services.

Ponemon notes the specific threat, posed in the APAC region, of Denial of Service attacks – massive assaults on a website – and Web Application attacks – attacks on computer programs allowing website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser. Businesses surveyed by Ponemon and Akamai estimated that the total average cost of web application attacks in APAC over the past 12 months was $2.4 million per company, while the total average cost of DoS attacks was $1.1 million. The study found that companies spent an estimated $903,830 and $294,627 on web application attacks and DoS attacks respectively.

The danger of a data breach has increased by one-third in the past two years, the report warns.

Malicious attacks devastate with highest costs

The global average cost of a data breach is $3.92 million, up from 3.50 million in 2014.

Malicious Breaches are devastating, – the most common and the most expensive attacks. Over 50 per cent of data breaches in the study resulted from malicious cyberattacks and cost companies $4.45 million on average, $1 million more on average than those originating from accidental causes such as system glitch and human error. These breaches are a growing threat, as the percentage of malicious or criminal attacks as the root cause of data breaches in the report crept up from 42 per cent to 51 per cent over the past six years of the study (a 21 per cent increase).

Inadvertent breaches from human error and system glitches were still the cause for nearly half (49 per cent) of the data breaches in the report, costing companies $3.50 million and $3.24 million on average respectively. These breaches from human and machine error represent an opportunity for improvement, which can be addressed through security awareness training for staff, technology investments, and testing services to identify accidental breaches early on.

One particular area of concern is the misconfiguration of cloud servers, which contributed to the exposure of 990 million records in 2018, representing 43 per cent of all lost records for the year according to the IBM X-Force Threat Intelligence Index.

Long-term costs are significant

The study researched, for the first time in its history, the long-term costs of data breaches.

While an average of 67 per cent of data breach costs were realised within the first year after a breach, 22 per cent were added in the second year and another 11 per cent accumulated more than two years after a breach. Companies require vast efforts over a long period to recover from breaches, the study showed.

The long-term costs were higher in the second and third years for organisations in highly-regulated environments, such as healthcare, financial services, energy and pharmaceuticals.

Diligent Governance Cloud provides the highest grade of security

As the report shows, maintaining IT security is more difficult than ever. Boards are looking at cybersecurity with a new level of scrutiny and applying that scrutiny to their own operations. Are their agendas, minutes, reports and supporting documents safe against escalating online threats?

A world of governance and IT knowledge informs the security behind our Governance Cloud ecosystem, which includes Diligent Boards, Diligent Messenger, Diligent Evaluations, and Diligent Conflict-of-Interest module. Data is hosted on secure servers and a world-class infrastructure that Diligent owns and operates. As part of Governance Cloud, all Diligent solutions are ISO and TRUSTe-certified and internationally audited, with robust customisable encryption and data access. If a device is lost or compromised, our remote wiping capabilities allow you to swiftly mitigate risk.

Good governance isn’t just one thing – so why buy software that only manages your board documents? At Diligent, we empower leading organisations around the world to turn good governance into a competitive advantage for their business. In the ever-changing landscape of the world, governance hasn’t kept up with the fast pace of business. Quarterly board meetings, paper board books and not using secure communication tools for sensitive data have opened up numerous companies to risk.

Diligent Messenger is a tested means for calls and messaging, one that enjoys the highest grade of security.

And Diligent’s board assessment tool enables the CEO to share what he finds the board does well, and where they need improvement. And this can be done in complete confidence that the discussion will remain confidential.

With Diligent, boards can gain a competitive edge to improve governance by having the right information, analytics and insights to spot risks, act on opportunities and turn insights into action.

 

 

 

Featured Blog