The Cost Of Breach-2021 report, published for the 17th time this year by IBM Security , was prepared based on the research data compiled by the independent company Ponemon Institute from 537 breaches in 17 countries and 17 different sectors in 2021 , and as a result of the analysis of this data by IBM security experts.
According to this report; Between 2020 and 2021, data breach costs increased by 10% from $3.86 million to $4.24 million, reaching the highest cost in the last 7 years. While the average cost of a data record (per person) was $141 in 2020, the average cost in 2021 is $161, an increase of 10.3% .
As the most common attack vector in 2021 , the capture of credentials ranks first with 20% . These are phishing attacks at 17% , cloud misconfiguration at 15% , and business email compromise at 4%, respectively.
The average data breach cost in 2021 for organizations with high compliance gaps is $5.65M, compared to $3.35M for low compliance organizations, a 51% difference.
The average cost of data breaches for organizations without security automation is 6.71M$, the average cost of data breaches for organizations with security automation is 2.90M$, and the cost difference represents the highest cost difference with 3.81M$ .
In organizations with Cyber Security automation, data auctions are detected, identified and taken under control with an average of 247 days. On the other hand, organizations that do not have a violation are detected with 324 days, resulting in a difference of 77 days and 22% in the violation life cycle .
The risk of institutions with high cloud migration maturity decreases
The average cost of data breaches for organizations without security automation is 6.71M$, the average cost of data breaches for organizations with security automation is 2.90M$, and the cost difference represents the highest cost difference with 3.81M$ .
In organizations with Cyber Security automation, data auctions are detected, identified and taken under control with an average of 247 days. On the other hand, organizations that do not have a violation are detected with 324 days, resulting in a difference of 77 days and 22% in the violation life cycle .
The report also examines the impacts of data breaches in the cloud and the impact of cloud migration on breach costs . Hybrid cloud breaches cost an average of $1.19M , or 28.3%, less than public, private, and on-prem cloud breaches . Cloud modernization appears to help reduce breach response times. Companies that experience a breach during a comprehensive cloud migration face higher costs, while those further along in their public cloud modernization strategies appear to be able to detect and respond to breach incidents more effectively. Organizations mature on cloud platforms appear to successfully prevent a breach 77 days faster than those in the early stages of their migration (252 vs 329 days) .
Recommended to minimize the financial impact of data breaches:
- With SIEM and SOAR software, the efficiency of security operations is increased and processes are automated. In this sense, by reducing rapid response times to data breaches, visible reductions in the cost of data breaches can be achieved.
- Institutions that implement the Zero Trust Security model have seen a reduction in the cost of data breaches compared to institutions that do not. With the Zero Trust Security model; As organizations change their remote working policies and use more disconnected, hybrid multi-cloud environments, protection of data and resources with proper connectivity can be ensured by providing only limited availability.
- Incident Response Drills and Stress Tests need to be carried out to increase cyber resilience .
- With the COVID-19 outbreak, endpoint security is important in remote working. With its Unified End Management (UEM) and identity access management (IAM) products, it provides support for visibility into suspicious activities, access to endpoints, accelerating investigations and isolating damage.
- To detect data breaches and increase containment efforts, risk investigation methodology can be helpful. It is necessary to invest in Risk Management and Compliance programs .