The Actual Cost of Data Breaches, According to IBM

Security breaches can cost South African companies an average of R40 million, according to an IBM Security study.

Based on in-depth analysis of data breaches experienced by South African organisations, the study found that malicious attacks on customer, employee and corporate data were most prevalent – accounting for 48% of incidents – and proving to be the costliest cause of breaches to businesses.

As companies are increasingly accessing sensitive data via new remote work and cloud-based business operations, the report sheds light on the financial losses that organisations can suffer if this data is compromised.

Examining cost factors which contribute to the cost of the data breach in South Africa, the study found that:

  • For companies studied in South Africa, the average time to identify a data breach increased to 177 days (from 175 days in 2019), and the average time to contain a data breach once identified decreased to 51 days (from 56 days in 2019). The global average to identify a data breach was higher at 207 days with an average time of 73 days to contain the breach.
  • In South Africa, the three root causes of data breaches identified as malicious or criminal attack (48%), human error (26%) and system glitches (26%).
  • On average, malicious or criminal attacks took 191 days to identify and 62 days to contain. Human error breaches took 164 days to identify and 40 days to contain while system glitch breaches took 163 days to identify and 44 to contain.
  • The amount of lost or stolen records also impacts the cost of a breach, costing R1,984 per lost or stolen record on average – a 9.35% decrease from 2019.
  • Investments in smart tech resulted in lower breach costs as companies who had fully deployed security automation technologies (which leverage AI, analytics and automated orchestration to identify and respond to security events) experienced lower data breach costs compared to those who didn’t have these tools deployed.

“It is becoming increasingly important for IT leaders to put security measures in place which reduce the impact of a data breach,” says said Sheldon Hand, IBM Security Leader for South Africa.

“With this year’s study, we’re seeing how costs were much higher for South African organisations that had not yet invested in areas such as security automation and incident response processes – and how complex security systems and cloud migration cost companies the most. With growing complexities facing companies, putting measures in place which significantly reduce the time it takes to investigate, isolate, contain and respond to the damage, will significantly reduce financial and brand impact.”

Edited by Jenna Delport
Follow Jenna Delport on Twitter

Follow IT News Africa on Twitter