
How SOC Teams Can Prevent Data Breaches: Insights from IBM’s 2024 Data Breach Report

David Gilmore • August 9, 2024

David Gilmore


Cyber Security Analyst at Threat Intelligence and artificial intelligence researcher.

In the modern digital landscape, data is one of the most valuable assets an organisation can possess. However, this asset comes with a significant risk: the potential for data breaches. According to IBM's annual Cost of a Data Breach survey 2024, the average cost of a data breach has surged to approximately $5 million US dollars. This figure isn't just a number on a report; it represents a substantial financial burden that organisations must bear each time their data security is compromised.

Imagine losing not just millions of dollars but also your competitive edge, intellectual property, and most importantly, customer trust. A data breach can tarnish a company's reputation irreparably and lead to the loss of clients who may never return. The stakes are high, and the need for robust data security measures has never been more critical.

This report aims to provide an in-depth analysis of the current state of data breaches, drawing on insights from real-world incidents. We will explore the key findings from IBM’s extensive survey, which involved 600 organisations and interviews with around 3500 individuals who have firsthand experience with data breaches. These insights are not just theoretical; they are grounded in the practical realities faced by businesses globally.

The State of the Problem

The financial impact of data breaches is staggering and continually increasing. Over the past few years, the average cost of a data breach has consistently risen. In the previous year, it was around $4.5 million per breach, but this year it has escalated to $4.9 million, marking a 10% increase. This upward trend is concerning, especially for organisations operating in the United States, where the average cost can be nearly double the global average.

Certain industries are hit harder than others. For example, the healthcare sector faces the highest costs, with an average breach cost of $9.8 million. Other heavily impacted sectors include finance, industrial, technology, and energy, with costs ranging from $5.3 million to $6.1 million per breach. These figures highlight the varying degrees of risk and the substantial financial implications for different industries.

Key Findings

1. Rising Costs of Data Breaches:

  • The global average cost of a data breach increased by 10% from the previous year, reaching $4.9 million.
  • The United States had the highest average breach cost at $9.8 million.
  • Healthcare remains the costliest industry for breaches at $9.8 million per breach.

2. Attack Vectors and Root Causes:

  • Phishing and compromised credentials were the most common attack vectors, responsible for 16% and 15% of breaches, respectively.
  • Many phishing attacks aim to steal credentials, making these two vectors closely related.
  • Malicious insider attacks were the most expensive, averaging $4.99 million per breach.
  • IT failures and human errors accounted for nearly half of all breaches.

3. Impact of AI and Automation:

  • Organisations extensively using AI and automation saved an average of $2.2 million in breach costs.
  • AI and automation reduced the time to identify and contain breaches, highlighting the importance of these technologies in modern cybersecurity strategies.

4. Skills Shortage:

  • Over half of breached organisations reported severe security staffing shortages, a 26.2% increase from the prior year.
  • The lack of trained security personnel led to an average increase of $1.76 million in breach costs.

5. Data Breach Lifecycle:

  • The average number of days to identify a malicious threat actor in an IT system was 200 days.
  • On average the number of days from identifying a breach to containment was 70 days.
  • Breaches involving stolen or compromised credentials took the longest to identify and contain, averaging 292 days.

How SOC Teams Can Prevent Data Breaches

1. Implement Advanced AI and Automation:

SOC teams should prioritise the integration of AI and automation tools into their security infrastructure. These technologies can significantly enhance detection, prevention, and response capabilities. By automating routine tasks and analysing vast amounts of data in real time, SOC teams can identify threats more quickly and accurately.


2. Focus on Credential Security:

Given that compromised credentials are a leading cause of data breaches, SOC teams must implement robust identity and access management (IAM) monitoring. This includes monitoring cloud and local account logins, monitoring password changes, continuous monitoring of user activities, and regular security audits of the organisation's IAM policies and technology.

Organisations that do not already have their own SOC team with a SIEM system should look to outsource this to a SOC-as-a-service provider.
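As an added illustration of the login and password-change monitoring described above (example code written for this article, not a product of Threat Intelligence or IBM), the detector below reads constructed JSON-lines authentication events and raises two of the indicators a SIEM rule would look for: a burst of failed logins followed by a success, and a password change shortly after a successful login from a source address the user has never used before. The event field names, the baseline of known source addresses and the thresholds are all assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta
import json

# Constructed sample events (not from the report or any real system).
SAMPLE_LOG = """\
{"ts":"2024-08-01T09:00:00Z","user":"alice","event":"login_failed","src":"203.0.113.7"}
{"ts":"2024-08-01T09:00:05Z","user":"alice","event":"login_failed","src":"203.0.113.7"}
{"ts":"2024-08-01T09:00:10Z","user":"alice","event":"login_failed","src":"203.0.113.7"}
{"ts":"2024-08-01T09:00:15Z","user":"alice","event":"login_failed","src":"203.0.113.7"}
{"ts":"2024-08-01T09:00:20Z","user":"alice","event":"login_failed","src":"203.0.113.7"}
{"ts":"2024-08-01T09:00:25Z","user":"alice","event":"login_ok","src":"203.0.113.7"}
{"ts":"2024-08-01T09:02:00Z","user":"alice","event":"password_changed","src":"203.0.113.7"}
{"ts":"2024-08-01T10:00:00Z","user":"bob","event":"login_ok","src":"198.51.100.2"}
{"ts":"2024-08-01T10:30:00Z","user":"bob","event":"password_changed","src":"198.51.100.2"}
"""

# Constructed baseline: source addresses each user normally logs in from.
KNOWN_SOURCES = {"alice": {"192.0.2.10"}, "bob": {"198.51.100.2"}}
FAIL_THRESHOLD = 5                       # failures before a success is suspicious
FAIL_WINDOW = timedelta(minutes=5)       # window in which failures are counted
PWCHANGE_WINDOW = timedelta(minutes=10)  # password change this soon after a new-source login

def parse(log):
    """Parse JSON-lines events and return them sorted by timestamp."""
    events = [json.loads(line) for line in log.splitlines() if line.strip()]
    for e in events:
        e["ts"] = datetime.fromisoformat(e["ts"].replace("Z", "+00:00"))
    return sorted(events, key=lambda e: e["ts"])

def detect(log, known_sources):
    """Return (user, indicator, src) tuples for the two credential indicators."""
    alerts, fails, new_src_login = [], defaultdict(list), {}
    for e in parse(log):
        u, ts, src = e["user"], e["ts"], e["src"]
        if e["event"] == "login_failed":
            fails[u] = [t for t in fails[u] if ts - t <= FAIL_WINDOW] + [ts]
        elif e["event"] == "login_ok":
            # Burst of failures immediately followed by a success: likely guessing.
            if len([t for t in fails[u] if ts - t <= FAIL_WINDOW]) >= FAIL_THRESHOLD:
                alerts.append((u, "success_after_failures", src))
            if src not in known_sources.get(u, set()):
                new_src_login[u] = ts  # remember a success from an unseen source
            fails[u] = []
        elif e["event"] == "password_changed":
            # Password change shortly after a login from an unseen source.
            if u in new_src_login and ts - new_src_login[u] <= PWCHANGE_WINDOW:
                alerts.append((u, "pw_change_after_new_source_login", src))
    return alerts
```

Running `detect(SAMPLE_LOG, KNOWN_SOURCES)` flags both indicators for alice and nothing for bob, whose password change followed a login from his usual address.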


3. Strengthen Phishing Defenses:

Phishing remains a prevalent threat. SOC teams must conduct regular phishing simulations and training sessions to educate employees about recognising and reporting suspicious emails. Additionally, advanced email filtering solutions can help block phishing attempts before they reach end-users.

Organisations that regularly conducted phishing awareness training saw a significant decrease in successful phishing incidents and improved overall security posture.


5. Enhance Incident Response Plans:

SOC teams must have comprehensive incident response plans that are regularly updated and tested. This includes defining clear roles and responsibilities, establishing communication protocols, and conducting tabletop exercises to simulate breach scenarios.

Organisations that do not have incident response plans already in place should speak to a reputable and experienced cyber security provider to establish a robust IR plan.


6. Leverage Threat Intelligence and Threat Hunting:

Utilising threat intelligence provides SOC teams with valuable insights into emerging threats and attack techniques. This proactive approach allows for better preparation and quicker response to potential breaches.

Organisations that implement proactive threat hunting can significantly reduce the mean time to identify breaches by spotting suspicious indicators of compromise before an attacker deploys ransomware or steals data.


7. Monitor and Protect Shadow Data:

The proliferation of unmanaged data sources, or shadow data, poses a significant risk. SOC teams should implement data discovery and classification tools to identify and secure all data across the organisation, ensuring no sensitive information is left unprotected.

An enterprise that implemented a comprehensive data discovery solution uncovered multiple instances of shadow data, enabling them to secure these data points and reduce the risk of breaches.


8. Simplify Security Systems:

Complexity is the enemy of security. SOC teams should aim to simplify their security systems wherever possible. This can be achieved by centralising identity and access management and data security, reducing the need for multiple administrators and ensuring a more consistent security posture.


9. Verify Third-Party Security (Supply Chain Attacks):

SOC teams must ensure that third-party vendors adhere to strict security standards. This includes conducting regular security assessments and audits of third-party systems to verify their compliance with security policies.

Companies that regularly audit their third-party vendors' security practices are able to greatly reduce potential breaches that could originate from less secure external systems.


10. Encrypt Sensitive Data:

Encrypting sensitive data ensures that even if it is accessed by unauthorised individuals, it remains unreadable and unusable. SOC teams must implement strong encryption standards for all sensitive data, both in transit and at rest.

Organisations that encrypt sensitive data experienced minimal impact during a data breach, as the stolen data is rendered useless to the attackers and thus any demand for ransom is pointless. This also stops the common double extortion tactic deployed by ransomware groups. 


11. Leverage Law Enforcement:

Engaging with law enforcement can significantly mitigate the impact of ransomware attacks. Organisations that involved law enforcement in ransomware cases were more likely to avoid paying ransoms.

Conclusion

The IBM Cost of a Data Breach Report 2024 underscores the evolving challenges SOC teams face in preventing data breaches. By leveraging AI and automation, focusing on credential and phishing defenses, addressing skills shortages, enhancing incident response plans, utilising threat intelligence, monitoring shadow data, simplifying security systems, verifying third-party security, encrypting sensitive data, and involving law enforcement, SOC teams can significantly reduce the likelihood and impact of data breaches. Continuous improvement and adaptation to emerging threats will be key to maintaining robust cybersecurity defenses in the years to come.


Contact us today for a personalised consultation to discover how the Evolve suite of products can meet your specific security needs. Our team will work with you to assess your current security posture, identify potential vulnerabilities, and tailor a solution that maximises protection and efficiency.
