Data breaches cost SA companies R40.2-m per incident

Cyber security incidents involving data breach cost South African companies R40.2-million per breach on average, with malicious attacks on customer, employee and corporate data the most prevalent ( accounting for 48% of incidents) – and proving to be the costliest cause of breaches to businesses.

This is according to the 2020 Cost of a Data Breach Report, sponsored by IBM Security and conducted by the Ponemon Institute.

Sheldon Hand, IBM Security Business Unit Leader – Southern Africa.

Sheldon Hand, IBM Security Business Unit Leader – Southern Africa, said financial, retail and transportation Industries are the top three ranked industries by attack volume according to the IBM X-Force Threat Intelligence Index 2020, released February 2020.

“From a cost perspective industries which suffered the highest financial losses per record were the Industrial, Services and Financial industries. What we're seeing is that highly regulated industries experienced a significantly higher average total cost than less regulated industries. Public sector organisations traditionally have the lowest cost of a data breach in this research, because they are unlikely to experience a significant loss of customers as a result of the data breach. This year's report also revealed that the energy, healthcare and retail industries experienced the highest increases in the average total cost, while public sector, education and media had the greatest decreases in data breach costs over the past three years. “

Mega breach

Hand said it was interesting to note from the study that while the average total cost of a data breach declined slightly year-over-year, costs increased for many organisations.

“Despite a nominal decline from R43 million in the 2019 study to R40.2 million in the 2020 study, costs were much lower for some of the most mature companies and industries and much higher for organisations that lagged behind in areas such as security automation and incident response processes. Similarly, deeper analysis of the average cost of a single lost or stolen record (cost per record) showed wide variability, depending on the types of data lost or stolen in a breach.’

“What we're also watching with great interest is the increase of mega breach costs by millions. Companies that experienced breaches of more than 1 million records, which is considered a mega breach, continued to see costs that were many times the overall average. Globally, breaches of 1 million to 10 million records cost an average of $50 million, more than 25 times the average cost of $3.86 million for breaches of less than 100,000 records. In breaches of more than 50 million records, the average cost was $392 million, more than 100 times the average.”

Examining cost factors which contribute to the cost of the data breach in South Africa, the study found that:

• For companies studied in South Africa, the average time to identify a data breach increased to 177 days (from 175 days in 2019), and the average time to contain a data breach once identified decreased to 51 days (from 56 days in2019). The global average to identify a data breach was higher at 207 days with an average time of 73 days to contain the breach.

• In South Africa, the three root causes of data breaches identified as malicious or criminal attack (48%), human error (26%) and system glitches (26%)

• On average, malicious or criminal attacks took 191 days to identify and 62 days to contain. Human error 1breaches took 164 days to identify and 40 days to contain while system glitch breaches took 163 days to identify and 44 to contain.

• The amount of lost or stolen records also impacts the cost of a breach, costing R1,984 per lost or stolen record on average – a 9.35% decrease from 2019.

• Investments in smart tech resulted in lower breach costs as companies who had fully deployed security automation technologies (which leverage AI, analytics and automated orchestration to identify and respond to security events) experienced lower data breach costs compared to those who didn’t have these tools deployed.

Shifts affecting Africa

Hand said while the study is only conducted with South African companies, the COVID-19 pandemic had widespread impact, and the continent is also faced with a growing remote workforce which results in sensitive data moving across less controlled environments with limited network visibility, making it more vulnerable to a data breach.

It also highlights the growing divide in data breach costs between organisations with more advanced security processes, like automation and formal incident response teams, and those with less advanced security postures in these areas.

“These are shifts affecting the continent and facing many organisations no matter where they are located in Africa,” Hand added.

But how much of the problem lies with employee behaviour/ awareness/ user education?

Hand said organisations need to double down on protecting their most valuable data. Customer, employee and company information was exposed in a large number of breaches, and now that many businesses may not have the visibility and control over data as they did prior to the shift to remote work models, this data is becoming more vulnerable.

“With the growing adoption of hybrid work models with organisations requiring employees to work remotely due to COVID-19, less controlled environments are increasing the need to safeguard sensitive data at rest and in transit. This means there is a growing need for companies to provide employees with new guidelines on how to handle personal information while they work from home to mitigate the data protection challenges they now face. The reality is that businesses expect spikes in data breach costs to correspond with an increase in their remote workforce - and we're also seeing how the lack of cloud-enabled security services and complex security systems are also contributing to the growing data challenges.”

He continued: “Risks that we’ve been talking about for years, like password reuse, not patching, and improperly configured clouds are major cost ‘exacerbators’ in a breach.”

According to Hand, not only are these the most common ways attackers are creeping into companies, they are also the most financially damaging. Employees working from home are still reusing passwords for business accounts, widening access points for attackers and with billions of stolen emails, usernames and passwords on the Dark Web, cybercriminals essentially have a digital “master key” to grant them access into various businesses environments.

SOAR investment.

Hand said: “In this year's cost of a data breach study, security automation was found to significantly reduce the average time to identify and respond to a breach as well as the average cost. Automation technologies including artificial intelligence, analytics and automated orchestration were also associated with lower than average data breach costs. This is the time for companies to invest in security orchestration, automation and response (SOAR) to help improve their detection and response times. This software and services can help organisations of all sizes and across industries accelerate incident response with automation, process standardisation and integration with their existing security tools.”

The shift to remote work also means that organisations must invest in tools for a Work-From-Home model as the use of personal devices grows and security teams don't have physical access to endpoints to quickly investigate and isolate security incidents. This shift also necessitates a zero trust security model to help prevent unauthorised access to sensitive data.

Read more