The 2022 report revealed that the average time to detect and contain a data breach was at its highest in seven years for organisations in South Africa – taking 247 days (187 to detect, 60 to contain). Companies that contained a breach in under 200 days were revealed to save almost R12m – while breaches cost organisations R,2650 per lost or stolen record on average.
The 2022 Cost of a Data Breach Report is based on an in-depth analysis of real-world data breaches experienced by 550 organisations globally between March 2021 and March 2022. The research, which was sponsored and analysed by IBM Security, was conducted by the Ponemon Institute.
“As this year’s report reveals – organisations must adopt the right strategies coupled with the right technologies can help make all the difference when they are attacked. Businesses today need to continuously look into solutions that reduce complexity and speed up response to cyber threats across the hybrid cloud environment – minimising the impact of attacks,” says Ria Pinto, general manager and technology leader, IBM South Africa.
Security Immaturity in Clouds – Organisations studied which had mature security across their cloud environments, the costs of a breach were observed to be R4m lower than those that were in the midstage and applied many practices across their organisation.
Incident response testing is a multi-million rand cost saver – Organisations with an Incident Response (IR) team saved over R3.4m, while those that extensively tested their IR plan lowered the cost of a breach by over R2.6m, the study revealed. The study also found that organisations which deployed security AI or analytics incurred over R2m less on average in breach costs compared to studied organisations that have not deployed either technology– making them the top mitigating factors shown to reduce the cost of a breach.
Cloud misconfiguration, malicious insider attacks and stolen credentials are the costliest breach causes – Cloud misconfiguration reigned as the costliest cause of a breach (R58.6m), malicious insider attacks came in second (R55m) and the stolen credentials came in third, leading to R53m in average breach costs for responding organisations.
Financial services organisations experienced the highest breach costs – Financial participants saw the costliest breaches amongst industries with average breach costs reaching a high of R4.9 m per record. This was followed by the industrial sector with losses per record reaching R4.7m.
Globally, the report also showcased hybrid cloud environments as the most prevalent (45%) infrastructure amongst organisations studied. Global findings revealed that organisations that adopted a hybrid cloud model observed lower breach costs compared to businesses with a solely public or private cloud model. In fact, hybrid cloud adopters studied were able to identify and contain data breaches 15 days faster on average than the global average of 277 days for participants.
The report highlights that 45% of studied breaches globally occurred in the cloud, emphasising the importance of cloud security.
South African businesses studied that had not started to deploy zero trust security practices across their cloud environments suffered losses averaging R56m. Those in the mature stages of deployment decreased this cost significantly – recording R20m savings as their total cost of a data breach was found to be R36m.
The study revealed that more businesses are implementing security practices to protect their cloud environments, lowering breach costs with 44% of reporting organisations stating their zero-trust deployment is in the mature stage and another 42% revealing they are in the midstage.