Average cost of data breach continues to rise, IBM study finds


Content of the article

The average cost of a data breach continues to rise, according to IBM 17 e annual global study of the cost for an organization of a security incident.


Content of the article

For the 537 breaches that occurred in the 12-month period ending in March, participants estimated that data breaches cost their businesses an average of $ 4.24 million (all figures in US dollars) by incident, according to the report released Wednesday. This is the highest cost in the history of the survey.

The author of the report, the Ponemon Institute, also claims that there is evidence that security incidents have become more expensive and more difficult to contain because the COVID-19 pandemic has forced the staff of many organizations to work at residence. Many were not using protected corporate computers, nor were they protected by corporate cybersecurity defenses.

Breaches cost on average more than a million dollars more when remote work is a factor in a data breach, according to the report, compared to those where remote work is not a factor.


Content of the article

The survey consisted of nearly 3,500 interviews and examined data from 17 countries and regions and 17 different industries. The participants estimated their direct costs.

Canadian results

Among the 26 Canadian organizations studied, the average cost was $ 5.35 million. This was up slightly from the 2020 study. The average number of recordings exposed in this group was 24,400.

Graph of the average costs of a data breach in Canada over the past seven years
Average total cost of data breaches for Canadian organizations surveyed over the past seven years. IBM chart

“While it’s no surprise that data breach costs have peaked during the pandemic, it should be a stark reminder for businesses not to let security lag behind as they ramp up their business. digital transformation, ”Ray Boisvert, IBM Canada’s associate partner for security strategy, said in a statement.


Content of the article

“For Canadian financial and technology companies in particular, which digitize faster than others in the country and pay more per lost or stolen file, investing in data security, AI and encryption should go hand in hand with it. migration to the cloud.

Data breach costs include incident detection and escalation (such as forensic analysis, crisis management and audit services), notification to regulators and victims, post-breach response (helpline costs, credit monitoring for victims) and business losses.

Other findings from the 26 Canadian data breaches investigated include

· Financial sector breaches are by far the most expensive, at $ 383 per lost or stolen recording;

· Stolen user credentials were the most common method used as an entry point by attackers globally (20% of breaches) and for Canadian organizations;


Content of the article

· The use of AI, encryption and employee training have been the top three mitigating factors demonstrated to reduce the cost of a breach globally and in Canada. The report estimates that Canadian companies using these three strategies saved about $ 1.2 million compared to those that did not make extensive use of these tools;

· While the average time to identify a data breach improved in Canada last year from 168 to 164 days, the average time to contain a data breach slowed from 58 to 60 days. The global average among companies studied to detect and contain a data breach was 287 days (212 to detect, 75 to contain).

Mitigating factors

Globally, the organizations surveyed that had incident response teams and plans also had lower data breach costs than those that did not. Companies with an incident response team that also tested their incident response plan have an average breach cost of $ 3.25 million, while those that had neither in place suffered an average cost of $ 5.71 million.


Content of the article

Another interesting nugget was the impact of zero-trust security strategies among the companies surveyed. Generally speaking, zero trust requires all users to be authenticated, authorized, and continuously validated for security configuration and posture before being granted access to applications and data. Of the global group studied, only 35% had implemented a zero-trust security approach. However, those in the mature stage of their zero-trust deployment had an average breach cost of $ 1.76 million lower than organizations without zero-trust.

The report is available here. Registration required.

The Job The average cost of a data breach continues to rise, according to IBM research first published on IT World Canada.

This section is powered by IT World Canada. ITWC covers the business IT spectrum, providing news and information to IT professionals aiming to succeed in the Canadian market.


Software solutions and services to help organizations navigate thousands of grants and incentives, across North America.


Postmedia is committed to maintaining a lively but civil discussion forum and encourages all readers to share their views on our articles. Comments may take up to an hour of moderation before appearing on the site. We ask that you keep your comments relevant and respectful. We have enabled email notifications. You will now receive an email if you receive a reply to your comment, if there is an update to a comment thread that you follow, or if a user that you follow comments. Check out our community guidelines for more information and details on how to adjust your email settings.


Leave A Reply