Data breaches are one of the biggest problems a company can be subjected to. Data is at the heart of an organization and cannot be filtered and exposed online.
A 2021 report gives a fairly correct view of what data breaches are. This report studied the initial attack vectors that were primarily responsible for causing the violations. In addition, the time it took organizations to detect and contain their violations. And finally, the effects of incident response and artificial intelligence security (AI) and automation on the average total cost.
Data Breaches Report 2021
The IBM website has just provided a report on the 2021 data breaches. The Annual Data Breach Cost Report provides information on 537 actual breaches that help understand cyber risk in a changing world. Now in its seventeenth year, this report has become a leading reference tool that gives IT, risk management, and security leaders a perspective on factors that can increase or help mitigate the cost of data breaches.
Following independent research by the Ponemon Institute, this report – sponsored, analyzed and published by IBM Security – studied 537 actual violations in 17 countries and regions and 17 different industries.
Over the course of nearly 3500 interviews, dozens of questions were asked to determine what organizations spent on activities for discovery and immediate response to data breaches.
Key results
Key findings are based on IBM’s security analysis of research data collected by the Ponemon Institute.
10% year-on-year increase
The average total cost of a data breach increased by nearly 10% year-over-year, the largest single-year cost increase in the past seven years.
11 consecutive years
It’s now 11 consecutive years in which healthcare had the highest cost of leaks in the industry. Healthcare data breach costs increased from an average total cost of $7.13 million in 2020 to $9.23 million in 2021, an increase of 29.5%.
267 days
Data breaches took more than 200 days to identify and contain the cost on average $4.87million, compared to $3.61 million for breaches that required less than 200 days. Overall, it took an average of 287 days to identifyand contain a data breach, seven days longer than in the previous report. To put this in perspective, if an infraction
that occurred on January 1 took 287 days to identify and contain, the violation would not be contained until October.
The average time to identify and contain varies widely depending on the type of data breach, attack vector, factors such as the use of AI security and automation,and cloud modernization stage.