The average global cost of a data breach fell slightly from 2019-2020 but COVID-19 is likely to increase the financial impact and incident response times thanks to mass remote working, according to IBM.
Published today, the tech giant’s annual Cost of a Data Breach Report is compiled from analysis of 524 breached organizations and covers 17 countries and 17 industries.
The average breach cost of $3.86m is 1.5% down on last year’s study, but this is not necessarily a cause for celebration.
“Costs were much lower for some of the most mature companies and industries and much higher for organizations that lagged behind in areas such as security automation and incident response processes,” the report noted.
What’s more, the impact of mass remote working is expected to add $137,000 to these costs, delivering an adjusted average total cost of $4m, higher than last year’s $3.92m.
So-called “mega breaches” also experienced a surge in associated costs: for between one and 10 million records lost the costs are said to be $50m on average, while for breaches of over 50 million records the figure is a whopping $392m. That’s up from $388m in 2019 and is more than 100-times the average for breaches of under 100,000 records.
Cloud misconfigurations tied stolen or compromised credentials as the number one cause of breaches resulting from malicious attacks (19%).
Configuration errors caused the average breach cost to jump by half a million dollars to $4.41m, however, compromised credentials lead to an even bigger financial hit, adding $1m to breach costs for an adjusted average of $4.77m.
Lost business comprises the biggest chunk (40%) of cost following a breach, increasing from $1.42m in 2019 to $1.52m this year. This can include customer churn, system downtime and the cost of finding new business, according to IBM.