SA Data Breach Costs Reached Record Highs During Pandemic – IBM

IBM Security announced the results of a recent study that found that data breaches now cost South African companies $3-million (R46-million) on average – the highest cost in the 6-year history of the report. Worldwide, the average financial damages caused by a data breach increased by nearly 10% year over year to $4.24 million in 2021.

Based on in-depth analysis of real-world data breaches experienced by organisations in South Africa, the study suggests that security incidents became more costly and harder to contain due to drastic operational shifts during the pandemic, with costs rising 15% for South African compared to the prior year.

Businesses were forced to quickly adapt their technology approaches last year, with many companies encouraging or requiring employees to work from home, and 60% of organizations moving further into cloud-based activities during the pandemic. The new findings from IBM released today suggest that security may have lagged behind these rapid IT changes, hindering organisations’ ability to respond to data breaches.

Average Time it Takes to Discover and Contain a Data Breach

The 2021 report revealed that the average time to detect and contain a data breach was at its highest in six years for organisations in South Africa – taking 237 days (184 to detect, 53 to contain).

Companies who contained a breach in under 200 days were revealed to save almost $462.2K (R7-million) – while it cost organisations $151 (R2300) per lost or stolen record on average.

The study found that data breaches in the financial, industrial and services industries were most expensive by industry – costing $102 (R1548) per record.

“Organisations in South Africa are faced with a growing remote workforce which results in sensitive data moving across less controlled environments making it more vulnerable to a data breach. This increases the need to safeguard sensitive data at rest and in transit,” says Sheldon Hand, Data, AI, Automation and Security Business Unit Leader for IBM Southern Africa.

“Organisations need to double down on protecting their most valuable data – whether its customer, employee and company information – and ensure they have advanced security processes, like automation and formal incident response teams, in place.”

Businesses That Modernised Had Lower Breach Costs

While certain IT shifts during the pandemic increased data breach costs, organizations who said they did not implement any digital transformation projects in order to modernise their business operations during the pandemic actually incurred higher data breach costs.

The cost of a breach was $660K (R10-million) higher than average at organisations that had not undergone any digital transformation due to COVID-19 in comparison to those at a mature stage.

Companies studied that adopted a zero-trust security approach were better positioned to deal with data breaches. This approach operates on the assumption that user identities or the network itself may already be compromised and instead relies on AI and analytics to continuously validate connections between users, data and resources.

South African organisations with a mature zero trust strategy had an average data breach cost of $1.9-million (R29-million) – which was $1.6-million (R25-million) lower than those who had not deployed this approach at all.

Investments in incident response teams and plans also reduced data breach costs amongst those studied. Companies with an incident response team that also tested their incident response plan managed to save $198K (R3-million) in the case of a data breach, while those that had put an incident response team in place, cut the average cost by $178K (R2.7-million.)

Methodology and Additional Data Breach Statistics

The 2021 Cost of a Data Breach Report from IBM Security and Ponemon Institute is based on an in-depth analysis of real-world data breaches of 100,000 records or less, experienced by over 500 organisations worldwide between May 2020 and March 2021.

The report takes into account hundreds of cost factors involved in data breach incidents, from legal, regulatory and technical activities to loss of brand equity, customers, and employee productivity.

To find out more and download a copy of IBM’s 2021 Cost of a Data Breach Report, click here.

Edited by Luis Monzon
Follow Luis Monzon on Twitter
Follow IT News Africa on Twitter