Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    IBM Pegs Mega Breach Cost at $350M, as Average Breach Cost Hits $3.9M

    By
    Sean Michael Kerner
    -
    July 11, 2018
    Share
    Facebook
    Twitter
    Linkedin
      IBM data breach cost calculator 2018

      The cost of data breaches has increased over the past year, according to the 2018 Cost of a Data Breach Study conducted by the Ponemon Institute and sponsored by IBM, which was released on July 11.

      The new report found that the average cost of a data breach is now $3.86 million, which is a 6.4 percent increase over the figure reported in 2017. The $3.86 million figure is the total average cost of data breaches from an analysis of 477 companies around the world.

      The general sample does not include mega breaches, in which between 1 million and 50 million records are stolen. Mega breaches had much higher costs, ranging from $40 million to $350 million. The study’s figures for mega breaches, however, do not include costs for the Equifax breach, which occurred at the end of 2017.

      “The Equifax data breach would be considered an outlier for our general sample of 477 companies, which is bound by 100,000 compromised records,” Larry Ponemon, chairman and founder of Ponemon Institute, told eWEEK.

      For the mega breach component, Ponemon looked at 11 mega breaches that occurred in the past year. He noted that, given that the mega breach analysis included only breaches of up to 50 million compromised records and the Equifax breach reportedly affected around 150 million people, the total costs of mega breaches victims experienced would presumably be much higher than the costs found in the study.

      For the regular data breaches, the fact that costs rose again is not seen as a surprise by IBM.

      “The fact that the global cost of a data breach rose this year is no surprise, since this figure has risen fairly consistently each year of the report, with the exception of 2017, which was an outlier,” Wendi Whitmore, global lead for IBM X-Force Incident Response and Intelligence Services (IRIS), told eWEEK. “In 2017 we saw the global cost of a data breach decline slightly, though the bulk of that decline was in certain European countries, and many regions still saw increased costs last year.”

      Whitmore added that from IBM’s work with clients, her group has found that data breaches are becoming more advanced and complex, which increases the time to resolve and therefore the total cost of a breach. As such, she noted the fact that costs rose this year is aligned with what IBM is seeing in the field.

      Time to Detection

      The 2018 Cost of a Data Breach Study found that the average time it takes to identify a data breach was 197 days, up from 191 days in 2017. The time it takes to contain a breach rose to 69 days, up from 66 in the 2017 report. Once again, the report found a correlation between lower costs and those organizations that quickly detected breaches. According to the report, organizations that contained data breaches inside of 30 days spent over a million dollars less on data breach-related costs than organizations that took more than 30 days.

      “The amount of time it takes to resolve an incident ultimately depends on the scale and complexity of a breach,” Whitmore said. “For breaches conducted by highly skilled attackers, our analysis often identifies that the initial attack began months ago.”

      Whitmore added that IBM X-Force IRIS clients tend to have a more mature security posture overall, including proactive detection as well as immediate response capabilities, so often the total response time that IBM sees with clients is much lower than the average reported in the study. 

      Data Breach Costs

      One area of the report that was particularly interesting for the IBM IRIS team was examining the various cost centers contributing to the total cost of a breach, according to Whitmore. One of the costs identified in the report is lost business, which contributed to the total cost in different regions, especially the United States.

      “This is something that organizations don’t often consider, as they are focused on the direct costs such as investigation, technology and remediation costs,” she said. “Given that the cost of lost business accounts for around a third of the total cost, companies need to consider the fact that how they respond will have a big impact in terms of their overall business revenue.” 

      The report found that the use of artificial intelligence (AI) technologies reduces the cost of a data breach by approximately $8 per lost or stolen record. Making use of AI is an approach that IBM endorses and is already using in its cyber-security practice.

      “One big step we are implementing across our IBM Security Services is having our analysts use a new technology platform which uses various machine learning tools and customized AI algorithms to help streamline and automate certain parts of the response process,” Whitmore said.

      For instance, she said that AI tools can automatically weed out duplicate events and false positives for analysts, enabling them to focus their time on threats that need additional analysis, or take automated actions like implementing a virtual quarantine on affected endpoints. The IBM platform also uses AI to analyze historical response cases to predict and recommend responses for new events with a similar profile. 

      “Also, our analysts can take advantage of data from AI tools being used in client security operation centers, such as Watson for Cyber Security,” Whitmore said. “This extra data can help speed the response process and point our analysts in the right direction to begin the investigation.”

      Looking forward, Whitmore doesn’t expect the costs of data breaches to decrease in the coming year. Rather, she expects that costs will continue to rise.

      “Given GDPR [the European Union’s General Data Protection Regulation] going into effect, I think we can expect to see increased costs related to notification both in Europe and globally, as companies adjust to these new notification requirements,” she said. “This year we’ve also seen a lot of consumer attention and concern around data privacy and security, so the cost of lost business and customer turnover may also increase as people are becoming less willing to do business with organizations that they don’t trust to protect their data.”

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      Sean Michael Kerner
      Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×