2021 IBM Cost of a Data Breach Report is now available

You can download the report for free, but they do require your contact information.

https://www.ibm.com/security/data-breach

In addition to a fine cost analysis, the report also summarizes data on initial attack vectors that were primarily responsible for causing the breaches, and the length of time it took the organizations to detect and contain their breaches.

Key points and updates for SMBs:

  • Cloud security efforts and management are essential;
  • 20% (1 in 5) of breaches were caused by compromised credentials (which is the largest compromise vector);
  • Overall, it took an average of 287 days to identify and contain a data breach, seven days longer than in 2020;
  • Customer PII (Personally Identifiable Information) was both the highest cost (avg. $180 per record) in a breach and the most breached (44% of breaches).

IBM uses the following four cost centers to calculate the cost of a breach:
Detection and escalation
— Forensic and investigative activities
— Assessment and audit services
— Crisis management
— Communications to executives and boards
Notification
— Emails, letters, outbound calls or general notice to data subjects
— Determination of regulatory requirements
— Communication with regulators
— Engagement of outside experts
Lost business
— Business disruption and revenue losses from system downtime
— Cost of lost customers and acquiring new customers
— Reputation losses and diminished goodwill
Post breach response
— Help desk and inbound communications
— Credit monitoring and identity protection services
— Issuing new accounts or credit cards
— Legal expenditures
— Product discounts
— Regulatory fine

Lost business was the largest cost, averaging 38% of the total cost of an incident.

Members can keep watch for updates to the SOISA Playbook templates for simple actions for SMBs to take to become more secure.