Data breaches are costing Canadian businesses more than ever

COVID-19 has necessitated much of the global workforce to transition to a work-from-home model. This has forced organizational resources to access sensitive data via new remote pathways hastily built in early days of the pandemic crisis; yet, many remain captive of their legacy systems in lieu of a more ideal state of cloud-based business workloads. As a result, there are more opportunities for critical security incidents especially if companies don’t ensure the right tools and policies are in place.

During a time when businesses are expanding their digital footprint at an accelerated pace, while also battling a continuing talent shortage in the security industry, staff can be overwhelmed from securing more devices, systems and data than ever before. Additionally, a recent IBM study found that more than half of surveyed employees new to working from home have not been provided with updated guidelines on how to handle customers’ personally identifiable information. In fact, this gap in preparation has triggered 80% of data breaches which have been determined to be costliest breaches of all. 

In the midst of these challenges, it is important for business leaders to understand the risks and costs they might face if customer or other sensitive data is exposed. IBM Security’s just released Cost of a Data Breach report, conducted by the Ponemon Institute, sheds light on the financial damages that occur in the aftermath of a data breach. According to the report, 70% of businesses that adopted remote working protocols due to the pandemic have indicated they expect future breach costs to rise during this ‘new normal’.

Based on an in-depth analysis of 500+ real world data breaches, the report found that these incidents cost companies $3.86 million (USD) per breach on average, globally – and compromised employee accounts were the most expensive root cause. The average total cost of a data breach in Canada is $6.35-million (CDN), an increase of 6.7% from 2019.

Other Canadian statistics from the report are:

• $269 was the cost per lost or stolen record in the 2020 study, an increase of 7.2% from 2019.
• 42% of data breaches were caused by malicious attacks.
• The average time to identify a data breach decreased from 176 to 168 days.
• The average time to contain a data breach also decreased from 65 to 58 days.

Additional global findings include:

Smart Tech Slashes Breach Costs in Half: Companies studied who had fully deployed security automation technologies, which leverage AI, analytics and automated orchestration to identify and respond to security events, experienced less than half the data breach costs compared to those who didn’t have these tools deployed – $2.45 million versus. $6.03 million on average.

Paying a Premium for Compromised Credentials: In incidents where attackers accessed corporate networks through the use of stolen or compromised credentials, respondents saw nearly $1 million higher data breach costs compared to the global average – reaching $4.77 million per data breach. Exploiting third-party vulnerabilities was the second costliest root cause of malicious breaches ($4.5 million) for this group.

Mega Breach Costs Soar by the Millions: Breaches wherein more than 50 million records were compromised saw costs jump to $392 million from $388 million the previous year. Breaches where 40 to 50 million records were exposed cost studied companies $364 million on average, a cost increase of $19 million compared to the 2019 report.

Attackers Are Leveraging Employee Credentials and Misconfigured Clouds: The study also found that stolen or compromised credentials and cloud misconfigurations were the most common causes of a malicious breach for companies, representing nearly 40% of malicious incidents. Companies need to rethink their security strategy and reconsider how they authenticate users and the extent of access users are granted – especially now when so much of the workforce is working beyond traditional network parameters.

Advanced Security Technologies Can Save Companies Millions:  What can companies to help minimize the impact of a breach? One major finding the study found was a growing divide in breach costs between businesses implementing advanced security technologies and those lagging behind. In fact, there’s a cost-saving difference of $3.58 million for companies studied in the report with fully deployed security automation versus those that have yet to deploy this type of technology.

Security automation can also lead to a significantly shorter response time to breaches, which is a key factor shown to reduce breach costs – AI, machine learning, analytics and other forms of security automation enabled companies to respond to breaches an average of over 27% faster. Without any advanced security tools in place, it can take an average of 74 additional days to identify and contain a breach. When longer breach cycles can surmount to millions of dollars more in costs to organizations, fully deployed security automation can slash costs by more than half, leading to a much quicker – and cheaper – breach response.

You can check out more detailed findings on this topic by downloading the full report here.

Ray Boisvert is associate partner of IBM Canada Security Services.