IBM study finds data breaches are more expensive, harder to find and fix


New research published by IMB has concluded that data breaches are becoming more difficult to detect and repair, while the cost of sustaining a data breach is also becoming more expensive.

In their new annual survey, the computer giant discovered that financial damage incurred due to a data breach has climbed 12% over the last five years, and that the recovery process can impact upon finances for years to come.

The research was carried out on behalf of IBM by the Ponemon Institute. Larry Ponemon, the institute’s founder and chair said:

“This year, we found that the time it takes organizations to identify and contain a breach – what we call the data breach life cycle – is 279 days. The 2019 life cycle is 4.9 percent longer than the 266-day average in 2018.

“In addition, we found that the longer a breach’s life cycle is, the greater the total cost. This is especially true in the case of malicious and criminal attacks, which take an average of 314 days to identify and contain,” he added.

The survey pinpointed the average breach cost at $3.92 million, taking into account the multi-year financial hit of breaches, more intense regulation and the expenses attached to finding solutions to cyber-attacks.

The data also said that the average breach lasts for 279 days, with organisations taking 206 days to discover a breach after it has taken place, plus a further 73 days to bring it under control.

For 2019, the cause of most (51% of) data breaches was found to be malicious and criminal attack, with such incidents costing companies around $1 million more to sort out than accidental data breaches.

IT bugs and similar technology hiccups, combined with human error, were found to be the cause of a quarter of all data breaches.

“While much attention in the security world is placed on malicious attacks, it’s worth noting that breaches caused by system glitches and human error can have consequences that are just as serious,” Ponemon added.

Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.