IBM Report Finds Pandemic Led to More Expensive Data Breaches

IBM says data breaches became much more costly in the year following the pandemic, but the company did find preventative cybersecurity strategies for both small and large businesses.

Jess DeWitt

According to a report by IBM security, data breaches hit record highs in terms of cost due to the COVID-19 pandemic. Even before the pandemic, data breaches were becoming a more frequent problem for organizations, but due to multiple factors, they became more problematic in the past year.

IBM Security hired Ponemon Institute to compile its “Cost of a Data Breach report 2021” where they surveyed 500 organizations that were victims of data breaches.

TechRepublic has detailed the finding in an article that shows the average data breach now costing companies roughly $4.24 million per incident, which is the highest amount recorded by the report in its 17-year history.

The pandemic forced businesses to shift to a completely remote work environment, which in turn, led them to relying more on cloud-based technologies. With this sudden change, their cybersecurity often was lagging behind the technology changes, which impacted organization’s ability to prevent or contain data breaches.

This resulted in the average expense of a data breach rising by 10% in 2021 over the previous year and the breaches cost $1 million more ($4.96 million) on average when remote work was revealed to have played a factor compared with organizations without this factor ($3.89 million).

The pandemic overwhelmed healthcare companies more than any other industry and this led to them having the highest average cost per breach going up to $9.23 million, which is a $2 million increase from the previous year.

IBM found that stolen credentials were the most common cause of data breaches and that this specific type of breach also took the longest to detect at an average of 250 days compared with 212 days for other types of breaches. The most common type of data compromised was personal user information like names, email addresses, and passwords, which were exposed in 445 of all breaches.

IBM Data Identifies Preventative Cybersecuity Measures

But there were also some positive takeaways that could help organizations in the future. The study found that organizations further along in their cloud projects were able to detect and respond to breaches much quicker and more effectively in earlier stages.

The use of AI, encryption, and security analytics were extremely beneficial in reducing the costs of a data breach as companies that used these tools cut between $1.25 million to $1.49 million off their costs compared to others that didn’t use these tools.

The use of zero trust security also played an enormous role in reducing the cost of breaches as companies that employed this type of security had an average data breach cost of $3.28 million, which is $1.76 million lower than those that didn’t.

But most notably, companies that had incident response teams and response plans spent an average of $3.25 million per attack, compared with $5.71 million for those without them.


This article originally appeared on our sister publication Commercial Integrator‘s website.