An article published on the My Broadband website shares some rather startling figures on the consequences when hackers manage to gain access to your data. The researchers identified several trends among South African organisations which impacted their susceptibility to data breaches:
The average data breach costs a South African company R46 million and takes around eight months to detect and contain, a new study from IBM Security has found.
Data breaches in the financial, industrial and services industries were the most expensive by industry, at R1,548 per record.
The 2021 Cost of a Data Breach Report, conducted by the Ponemon Institute, is based on an in-depth analysis of real-world data breaches experienced by organisations in South Africa.
The study suggested that security incidents at organisations have become more costly and harder to contain due to big operational shifts, increasing costs to South African companies by 15% compared to 2020.
According to the report, the average time it took a South African company to recover from a data breach was 237 days – 184 to detect and a further 53 to contain. This is the longest this average has been in six years.
It also found that containing a breach in under 200 days could save a company almost R7 million, while each lost or stolen record cost around R2 300.
Sheldon Hand, IBM Southern Africa head of data, AI, automation, and security said that South African organisations have growing remote workforces, which led to more sensitive data moving across less controlled environments.
“Organisations need to double down on protecting their most valuable data – whether it’s customer, employee and company information – and ensure they have advanced security processes, like automation and formal incident response teams, in place.”
The report’s findings indicate that business security may have lagged behind these rapid IT changes, hindering organisations’ ability to respond to data breaches.
Remote work impact
Companies with more than 50% remote work adoption took longer to identify data breaches, on average taking 214 days to identify them and 52 days to contain them.
Compromised credentials
Compromised business emails were the most common method of attack to breach companies in the study — costing organisations over R71 million on average.
Malicious insider attacks, social engineering, and vulnerabilities in third-party software were some of the other primary initial attack methods for data breaches, with all three costing above R50 million on average.
Modernising lowered costs
The adoption of AI, encryption, Incident Response testing and cyber-resilience were the top mitigating factors that reduced the breach costs, saving companies between R2.7 million and R3.3 million compared to those that did not have significant usage of these tools.
The study also pointed out two specific measures that allowed companies to better deal with data breaches.
- Firstly, a zero-trust security approach, which uses AI and analytics to continuously validate connections between users, data and resources, had an average data breach cost of R29 million, R25 million less than when not using this approach.
- Secondly, incident response teams and plans also reduced data breach costs among the studied companies.
“Companies with an incident response team that also tested their incident response plan managed to save R3 million in the case of a data breach, while those that had put an incident response team in place, cut the average cost by R2.7 million,” IBM Security stated.