Canada is top 3 for data breach costs warns IBM

Financial services among the industries where the costs of a data breach incident is most costly

Canada is top 3 for data breach costs warns IBM
Steve Randall

Data breach incidents are becoming harder for companies to contain, and costs are rising according to newly-released research.

IBM’s analysis of more than 500 organizations suggests that the swift adoption of work-from-home practices during the pandemic, frequently using cloud-based technologies, may have compromised security and left IT teams less able to respond to data breaches.

The financial services sector is among those most often targeted by hackers and the potential for criminals to use compromised data - especially customer credentials - for further illegal activity creates additional risk.

The average cost of a data breach has reached US$4.27 million per incident, the highest in the 17 year history of the annual Cost of a Data Breach Report.

For financial services, the cost was higher than average at $5.72 million per incident.

Across all industries, Canada ranked the third most expensive globally at $5.4 million, behind the Middle East ($6.93m) and the United States ($9.05m).

Reused passwords

Compromised credentials account for 20% of the data breaches recorded in the analysis, making this the top risk.

Recently, fake emails purporting to come from the CSA and IIROC have been detected, prompting the regulators to issue a warning to investors and wealth professionals.

The number of incidents that led to personal information such as name, email, password, and even healthcare data, being exposed reached 44%.

Where compromised credentials were involved in the breach, it took an average 250 days to detect and contain the breach compared to an average 212 days across all incidents.

These stats highlight the importance of stringent personal security practices although a staggering 82% of respondents admitted that they reuse passwords across accounts.

Key risks in 2020

Along with compromised credentials, the study, conducted by Ponemon Institute and sponsored and analyzed by IBM Security, identified several key trends amongst the organizations studied:

  • Remote working – this added an average $1 million to the cost of an incident.
  • Healthcare breach most costly – at $9.23 million per incident, the sector faced the most expensive data breaches, up $2 million compared to the previous year.
  • Technology helps - the adoption of AI, security analytics, and encryption were the top three mitigating factors shown to reduce the cost of a breach, saving companies between $1.25 million and $1.49 million compared to those who did not have significant usage of these tools.

"Higher data breach costs are yet another added expense for businesses in the wake of rapid technology shifts during the pandemic," said Chris McCurdy, Vice President and General Manager, IBM Security. "While data breach costs reached a record high over the past year, the report also showed positive signs about the impact of modern security tactics, such as AI, automation and the adoption of a zero trust approach – which may pay off in reducing the cost of these incidents further down the line."

Modernization cut costs

The cost of a breach was $750,000 higher than average at organizations that had not undergone any digital transformation due to COVID-19 (16.6% higher than the average).

Companies that adopted a zero trust approach, where the entire network is assumed to be compromised after a data breach incident, saw the cost of an incident fall by around $1.76m to $3.28m.

The report also found that the average cost of a mega breach (50-65 million records) was $401 million, nearly 100 times more expensive than the majority of breaches studied in the report (1,000-100,000 records).